Google Patches Chrome Security Holes

The security vulnerabilities already discovered in Chrome appear to have been patched by Google. Of course, Google (much like Apple) hasn't provided any release notes, so discovering what's been fixed isn't that easy.

Google said, in a group post:
We're planning to do release notes. 149.29 is a security update and we released it as fast as we could. We would've liked more time to prepare things, but some of the vulnerabilities were made public without giving us a chance to respond, update, and protect our users first. Thanks for being patient as we work out the kinks in all of our processes, Mark Larson Program Manager for Google Chrome
It seems that the "carpet bombing" flaw created by using an older WebKit has been fixed, as has the buffer overflow issue discovered by Vietnamese security firm Bach Khoa Internet Security (SVRT-Bkis), a buffer overflow issue which would allow a hacker to take complete control of the affected system.

We also tested the "all tabs crash" and that seems fixed as well.

To update their browser, Chrome users need to go to the wrench icon in the upper right hand corner of the browser and pull down the menu. Then select "About Google Chrome." The browser will then check for an update. If there is one, Chrome will download it and ask to restart. The up-to-date version is 0.2.149.29.

Notably, when we tried this ourselves, Chrome was already updated, despite the fact we hadn't opened it all weekend.
Via:  Various

blog comments powered by Disqus