Google patches two serious flaws in Chrome

Google has patched two serious security holes in its JavaScript and XML engines, according to a blog post on the Google Chrome website.

The post said, "A flaw in the V8 JavaScript engine might allow specially-crafted JavaScript on a web page to read unauthorised memory, bypassing security checks. It is possible that this could lead to disclosing unauthorised data to an attacker or allow an attacker to run arbitrary code."

Google has rated this security risk as high, because a hacker could run malicious code within the Chrome browser.

The second flaw affects XML. Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected, said Jonathan Conradt, engineering program manager at Google.

Chris Evans of Google's security team said neither of the flaws has been rated as critical because Google Chrome uses a sandbox, which prevents arbitrary code from directly running on a user's PC.
