Stable Channel Update
Wednesday, September 30, 2009
3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.
Security Fixes:
CVE-2009-0689 dtoa() error parsing long floating point numbers
The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.
Mitigations:
Security Fixes:
CVE-2009-0689 dtoa() error parsing long floating point numbers
The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.
Mitigations:
- A victim would need to visit a page under an attacker's control.
- Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.
