Chrome users are advised to upgrade to the latest version. To do that, go to the wrench icon in the upper right hand corner of the browser and down to "About Google Chrome." The browser will then check for an update. If there is one, Chrome will download it and ask to restart. The up-to-date version is 0.2.149.29.
A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem. The browser can encounter a problem trying to save a file with the name contained in the overly long title tag. An attacker could then have control of the PC and could execute other code on the machine, Bkis wrote on its blog. The problem can be exploited on PCs running Windows XP SP2 and Chrome version 0.2.149.27.
Last week, researcher Aviv Raff wrote that Chrome had a vulnerability due to its use of an outdated version of WebKit web browser engine. The vulnerability is know as the "carpet bombing" flaw, which can cause Windows to download a potentially dangerous JAR (Java archive) and execute it without warning users. Google has also fixed that flaw, a company spokesman said Monday.
The second problem identified shortly after Chrome's release could allow hackers to force Chrome to crash. That vulnerability, found by security researcher Rishi Narang, could be exploited by constructing a malicious link of a certain format, according to Narang's advisory.
News source: PC World
Critical Vulnerability Patched in Google's Chrome
No replies to this topic