Monday, June 22, 2009

Stable, Beta update: Security fix


Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs.

CVE-2009-2121: Buffer overflow processing HTTP responses
Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.

More info: http://code.google.com/p/chromium/issues/detail?id=14508 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Critical. An attacker might be able to run code with the privileges of the logged-on user.

Credit: This issue was found by the Google Chrome security team.
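As an added illustration of the bug class named above (constructed example, not Chrome's code and not the unpublished defect itself): a header parser that copies a server-controlled value into a fixed-size buffer with no length check, beside a hardened version that measures the value first and refuses anything that does not fit.

```c
#include <stdio.h>
#include <string.h>

#define HDR_VALUE_MAX 64   /* fixed-size destination, as in the bug class described */

/* "Before": copies the header value with no bound. A server-controlled value
 * of HDR_VALUE_MAX bytes or more overruns 'value'. Constructed illustration
 * of the bug class only; this is not Chrome's code. */
static int parse_header_value_unsafe(const char *line, char value[HDR_VALUE_MAX]) {
    const char *p = strchr(line, ':');
    if (p == NULL) return -1;
    p++;
    while (*p == ' ' || *p == '\t') p++;
    strcpy(value, p);            /* BUG: unbounded copy from attacker-controlled data */
    return 0;
}

/* "After": measure the value first, refuse anything that does not fit, and
 * always NUL-terminate. Returns 0 on success, -1 if the line is malformed,
 * -2 if the value is too long for the destination. */
static int parse_header_value_safe(const char *line, char *value, size_t value_cap) {
    const char *p = strchr(line, ':');
    if (p == NULL || value_cap == 0) return -1;
    p++;
    while (*p == ' ' || *p == '\t') p++;
    size_t len = strcspn(p, "\r\n");        /* value ends at CRLF (or end of string) */
    if (len >= value_cap) return -2;        /* would not fit: reject, do not truncate silently */
    memcpy(value, p, len);
    value[len] = '\0';
    return 0;
}

/* Builds a constructed over-long header line (200 'A's) and checks that the
 * hardened parser rejects it instead of writing past a 64-byte buffer. */
static int overlong_value_is_rejected(void) {
    char line[256] = "X-Constructed: ";
    size_t start = strlen(line);
    memset(line + start, 'A', 200);
    strcpy(line + start + 200, "\r\n");
    char value[HDR_VALUE_MAX];
    return parse_header_value_safe(line, value, sizeof value) == -2;
}

int main(void) {
    char value[HDR_VALUE_MAX];
    /* Constructed response header lines, as a server would send them. */
    if (parse_header_value_unsafe("Server: demo", value) == 0)
        printf("unsafe parser copied \"%s\" (no bound was checked)\n", value);
    if (parse_header_value_safe("Content-Type: text/html\r\n", value, sizeof value) == 0)
        printf("Content-Type = \"%s\"\n", value);
    printf("over-long value rejected: %s\n", overlong_value_is_rejected() ? "yes" : "no");
    return 0;
}
```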

Other issues
This release also fixes two other network issues:
  - NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites (Issue 8771)
  - Browser crash when loading some HTTPS sites (Issue 13226)
Mark Larson
Google Chrome Program Manager

9 comments:

Mr.Wizard said...

I'm surprised to see that Chrome has this kind of bug.

I expected to see a lot fewer bugs like buffer overflows that let attackers run code with the privileges of the logged-on user in Chrome than in other browsers, because of Chrome's sandboxing feature.

Do you have a comment on what caused this bug, how likely it is for something like this to happen again and what measures you are putting in place to help avoid bugs like this in future?

Is there a reason sandboxing didn't help, or is it simply that the code in question isn't inside the sandbox?

Emperor said...

Is that why I can't open the Bloomberg site? http://www.bloomberg.com

Wade said...

Bloomberg.com is also broken for me. It also locks up the browser and I had to kill it with Process Explorer. The website is fine with FF 3.5 and IE 8.

Fabio Turati said...

Bloomberg works fine on my PC after updating to 172.33 (I don't know whether it worked with 172.31).
Windows XP SP3 32-bit.

Emperor said...

Fabio Turati: We are talking about V3.0.189.0

Mr.Wizard said...

I've submitted a bug for the Bloomberg issue to the Chrome bug tracker. Star it to say you have the same problem and to make sure it gets attention.

Emperor said...

This is weird, I had the "bloomberg" problem with both "normal mode" and "incognito mode" but now I just got it with incognito mode.

Chris Evans said...

@Mr.Wizard,

Thanks for your question. Your instinct is correct that the code in question here is outside the sandbox. The bug is in Chrome's browser kernel, which we try to keep small relative to the renderer code (which does run inside the sandbox).

Measures we are taking include a lot of internal code auditing, fuzzing and review. As you can see, we found this issue internally in the Chrome security team. We continue to work to keep the larger, more complex parts of the browser inside the sandbox.

Thanks,
Chris Evans, Chrome Security

Jeffrey said...

This version of Google Chrome, stable version 2.0.172.33, seems to have a major problem regarding the speed and responsiveness of websites. Sometimes it may hang for a while before accessing different websites. When I need to switch websites during the process, this version of Google Chrome does not respond in the way I need it to. Besides that, why does Google Chrome always show a cross and "Linktest failed" during the Acid3 test? I really hope that the Google team puts some effort into tweaking the Google Chrome browser to attain the ultimate standards. Another problem is that the attacker message always appears without any reason... Why? I hope the Google team can solve this problem as soon as possible, as I very much appreciate the work behind the Google team. Thanks!