Recent Forum Topics
- Post-SP3 Updates for Office 2003...
- I found a "Locked to Win8...
- Windows 2000/XP http download sp...
- Password Protection for User Acc...
- help with game installations
- The upcoming new tool for Win 7/...
- skype goes down
- Cannot change resources in Windo...
- Anyone still planning to use XP?
- Post-SP1 Updates for Office 2013...
Google fixes 15 vulnerabilities in Chrome browser
Posted on Dec 14 2011 03:43 PM by xper in Security
Two of them have a medium severity rating and allow attackers to access parts of the system memory that weren't allocated to the program. This can result in the exposure of sensitive information.
The other two allow attackers to execute arbitrary code by tricking victims into opening maliciously crafted PDF files and have a high severity rating.
In total, there were six high-risk, seven medium-risk and two low-risk vulnerabilities patched in Chrome 16. Seven of them were discovered by Chromium developers and members of the Chrome and Google Security Teams, while the rest were found by external researchers who earned $6,000 through the Chromium Security Reward program for their reports.
Six vulnerabilities were discovered with the help of an open-source tool called AddressSanitizer, Google Chrome engineer Anthony Laforge said in a blog post.
However, while the arbitrary code execution and unauthorized memory access flaws pose a serious risk in theory, their actual impact is severely reduced by Google Chrome's sandbox.
Sandboxing is an anti-exploitation technology that isolates potentially vulnerable components, like those used for content parsing, from the operating system. These components gain access to system resources through a special brokering process that's easier to keep free of bugs.
As a result, if an attacker exploits, for example, a Chrome PDF handling vulnerability, their actions are restricted to the sandboxed environment and they can't execute arbitrary code on the actual system.
A recent Google-funded study conducted by security consultancy firm Accuvant, determined that Chrome is the most secure browser when compared to Internet Explorer and Firefox. Accuvant's researchers analyzed the anti-exploitation technologies implemented in the three browsers, including process sandboxing, plug-in security, JIT hardening techniques, ASLR, DEP and stack cookies (GS).
Homepage: Google Chrome