Google Patches Chrome Security Holes - HotHardware
Google Patches Chrome Security Holes

Google Patches Chrome Security Holes

The security vulnerabilities already discovered in Chrome appear to have been patched by Google. Of course, Google (much like Apple) hasn't provided any release notes, so discovering what's been fixed isn't that easy.

Google said, in a group post:
We're planning to do release notes. 149.29 is a security update and we released it as fast as we could. We would've liked more time to prepare things, but some of the vulnerabilities were made public without giving us a chance to respond, update, and protect our users first. Thanks for being patient as we work out the kinks in all of our processes, Mark Larson Program Manager for Google Chrome
It seems that the "carpet bombing" flaw created by using an older WebKit has been fixed, as has the buffer overflow issue discovered by Vietnamese security firm Bach Khoa Internet Security (SVRT-Bkis), a buffer overflow issue which would allow a hacker to take complete control of the affected system.

We also tested the "all tabs crash" and that seems fixed as well.

To update their browser, Chrome users need to go to the wrench icon in the upper right hand corner of the browser and pull down the menu. Then select "About Google Chrome." The browser will then check for an update. If there is one, Chrome will download it and ask to restart. The up-to-date version is 0.2.149.29.

Notably, when we tried this ourselves, Chrome was already updated, despite the fact we hadn't opened it all weekend.
0
+ -

Kinda a wierd way to check for updates. Though seems mine was already updated.

0
+ -

I have used the crap out of chrome and its worked well. Mine too was already up to date

0
+ -

Auto update!? I have to get my mom using this thing.

0
+ -

>> Chrome was already updated, despite the fact we hadn't opened it all weekend. <<

So does it, like a billion other apps, add an entry to the registry Run section? I wouldn't mind it checking when you start the app, but there are already too many other autorun processes slowing down startup on most Windows machines.

Also, I think this is a horrible idea because people may have cell-modems or multiple other types of connectivity where they have to pay by usage when traveling.  I wouldn't want an app to auto-download megabytes of data while connected that way - due to the crimp in bandwidth, if not cost.  Hopefully there's an easy way to disable it, preferably prompting the user on the first run so that they know it's going to be doing this *before* they get a bill.

0
+ -

My only comment is "Amen, 3vi1!! Without a lot of tweaking, there's a LOT of crap hogging startup in Windows as it is! We don't need more than we already have to deal with.

Login or Register to Comment
Post a Comment
Username:   Password: