Tuesday, June 9, 2009

Stable update: 2 WebKit security fixes


Google Chrome's Stable channel has been updated to version 2.0.172.31 to fix two security issues in WebKit.

CVE-2009-1690 Memory corruption
A memory corruption issue exists in WebKit's handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab crash or arbitrary code execution in the Google Chrome sandbox. This update addresses the issue through improved memory management.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.


CVE-2009-1718 Drag and drop information leak
An issue exists in WebKit's handling of drag events. This may lead to the disclosure of sensitive information when content is dragged over a maliciously crafted web page. This update addresses the issue through improved handling of drag events.

Severity: Medium. An attacker might be able to read data belonging to another web site, if a user can be convinced to select and drag data on an attacker-controlled site.

Mark Larson
Google Chrome Program Manager

12 comments:

Diego said...

These security inssues are in the beta and dev channel? (In beta we have 2.0.172.30)

Andy said...

I second Diego's question. I'm trying to update my Chrome Beta, but it says its updated, which, if I'm going by the numbers, is wrong.

Diego said...

Ok, i get updated now. Thxs.

Elias Heymann said...
This comment has been removed by the author.
Elias said...

where to download the associated snapshot?

Ariel Méndez said...

in the dev channel... the download speed don´t appear! please fix it! thanks!!

wiert said...

This update post should at least be labled "Stable updates", as currently it is not found in this list:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

motobass said...

Oh sure, blame WebKit. :)

joegrind said...

I've been having annoying page hang-ups, freezes etc ever since stable hit 2.0...I haven't seen any other complaints regarding this....I've been reporting these issues via Chrome. I've done the install/ reinstall SEVERAL times. I figure something is unique to my system....how can I proceed?

Tim Wood said...

When will this update make it into alternate download (aka standalone/offline) installer? My office's web filtering SUCKS and has blocked dl.google.com for reason "Questionable Browsing". F-ing BS.

URL I usually get the standalone installer from is: http://www.google.com/chrome/eula.html?standalone=1

Thanks!

yonie said...

Am I the only one having problems with this latest release? This version has me crashing on certain AJAX heavy sites like Facebook

seiichiro said...

I finished upgrade, but couldn't open option dialog and about menu. So, I couldn't get my chrome version.