Google Patches Chrome Security Holes

rated by 0 users
This post has 5 Replies | 1 Follower

Top 10 Contributor
Posts 26,371
Points 1,192,125
Joined: Sep 2007
ForumsAdministrator
News Posted: Mon, Sep 8 2008 5:40 PM

The security vulnerabilities already discovered in Chrome appear to have been patched by Google. Of course, Google (much like Apple) hasn't provided any release notes, so discovering what's been fixed isn't that easy.

Google said, in a group post:
We're planning to do release notes. 149.29 is a security update and we released it as fast as we could. We would've liked more time to prepare things, but some of the vulnerabilities were made public without giving us a chance to respond, update, and protect our users first. Thanks for being patient as we work out the kinks in all of our processes,

Mark Larson
Program Manager for Google Chrome
It seems that the "carpet bombing" flaw created by using an older WebKit has been fixed, as has the buffer overflow issue discovered by Vietnamese security firm Bach Khoa Internet Security (SVRT-Bkis), a buffer overflow issue which would allow a hacker to take complete control of the affected system.

We also tested the "all tabs crash" and that seems fixed as well.



To update their browser, Chrome users need to go to the wrench icon in the upper right hand corner of the browser and pull down the menu. Then select "About Google Chrome." The browser will then check for an update. If there is one, Chrome will download it and ask to restart. The up-to-date version is 0.2.149.29.



Notably, when we tried this ourselves, Chrome was already updated, despite the fact we hadn't opened it all weekend.



  • | Post Points: 65
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

Kinda a wierd way to check for updates. Though seems mine was already updated.

  • | Post Points: 5
Top 75 Contributor
Posts 1,218
Points 18,720
Joined: Jul 2003
Location: United States, Texas
warlord replied on Mon, Sep 8 2008 7:56 PM

I have used the crap out of chrome and its worked well. Mine too was already up to date

  • | Post Points: 20
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

Auto update!? I have to get my mom using this thing.

  • | Post Points: 5
Top 10 Contributor
Posts 5,053
Points 60,715
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Tue, Sep 9 2008 8:26 AM

>> Chrome was already updated, despite the fact we hadn't opened it all weekend. <<

So does it, like a billion other apps, add an entry to the registry Run section? I wouldn't mind it checking when you start the app, but there are already too many other autorun processes slowing down startup on most Windows machines.

Also, I think this is a horrible idea because people may have cell-modems or multiple other types of connectivity where they have to pay by usage when traveling.  I wouldn't want an app to auto-download megabytes of data while connected that way - due to the crimp in bandwidth, if not cost.  Hopefully there's an easy way to disable it, preferably prompting the user on the first run so that they know it's going to be doing this *before* they get a bill.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Not Ranked
Posts 10
Points 105
Joined: Jul 2008
Location: Florida

My only comment is "Amen, 3vi1!! Without a lot of tweaking, there's a LOT of crap hogging startup in Windows as it is! We don't need more than we already have to deal with.

 

Jim

  • | Post Points: 5
Page 1 of 1 (6 items) | RSS