Google patches two serious flaws in Chrome

Home
Topics
IT security
Hackers and cybercrime prevention
Google patches two serious flaws in Chrome

News

Google patches two serious flaws in Chrome

Google has patched two serious security holes in its Javascript and XML engines, according to a blog post on the Google Chrome website.

The post said, "A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorised memory, bypassing security checks. It is possible that this could lead to disclosing unauthorised data to an attacker or allow an attacker to run arbitrary code."

Google has rated this security risk as high, because a hacker could run malicious code within the Chrome browser.

The second flaw affects XML. Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected, said Jonathan Conradt, engineering program manager at Google.

Chris Evans of Google's security team said neither of the flaws have been rated as critical because Google Chrome uses a sandbox which prevents arbitrary code from directly running on a user's PC.

Related Topics: Hackers and cybercrime prevention, IT risk management, IT strategy, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

RELATED CONTENT FROM THE TECHTARGET NETWORK

Show me more

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security UK
Networking UK
Virtual Data Centre
Data Management UK

CIO
- CIO role through the lens of MIT: Agile rebel or company dishwasher?
  
  The CIO role was under the microscope at MIT this week. Will CIOs be the standard bearers of the IT revolution or just stuck cleaning up the mess?
- Download the latest Enterprise CIO Decisions issues
  
  Download the latest Enterprise CIO Decisions issues
- Innovation and agility start with application process optimization
  
  This tip discusses how to achieve the goals of business process reengineering, including application process optimization for innovation and agility.
Security UK
- Prep and test your Olympics 2012 security contingency plans
  
  To maintain information security during the 2012 Olympics, security and IT contingency plans must be tested in several key areas.
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- MDM, security vendors scramble to address BYOD security issues
  
  Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
Virtual Data Centre
- Is Dell eyeing Quest Software following its Wyse acquisition?
  
  Dell may acquire Quest Software to expand its desktop virtualisation offerings and gain Quest’s customers. Experts wonder if there is too much product overlap for such a deal to make sense.
- Data centre design: Using engineered racks, pods and containers
  
  IT pros must adopt a new approach to data centre design and consider using engineered racks, pods and containerised systems for better scalability, capacity and efficiency.
- Microsoft volume licensing costs to increase up to 33.5%
  
  Microsoft will increase its volume licensing prices in the UK between 7.5% and 33.5% starting July 1 to maintain price consistency owing to the sustained currency difference in Europe.
DataManagement UK
- SAS: High-performance analytics frees data scientists to model faster
  
  High-performance analytics on "big data" could aid European companies as they struggle to make headway in the recession, say senior SAS executives. All sectors are turning to big data, they claim.
- Organisational design for analytics function needs governance
  
  Scant are the absolute rules for the organizational design of the analytics function. It can be outsourced or in-house; sit within a business unit or run from the centre. But it needs governance.
- History lesson points way forward on data management projects
  
  Data management projects often suffer from historic amnesia. Projects that co-locate business and IT staff and keep to a manageable scale can achieve remarkable results, says consultant Andy Hayler.

All Rights Reserved, Copyright 2000 - 2012, TechTarget