| 谷歌浏览器Chrome是一款可让您更快速、轻松且安全地使用网络的浏览器,它的设计超级简洁,使用起来更加方便。Google 浏览器Chrome的特点是简洁、快速。Google Chrome支持多标签浏览,每个标签页面都在独立的“沙箱”内运行,在提高安全性的同时,一个标签页面的崩溃也不会导致其他标签页面被关闭。
Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below.
A flaw in the V8 Javascript engine
might allow specially-crafted Javascript on a web page to read
unauthorized memory, bypassing security checks. It is possible that
this could lead to disclosing unauthorized data to an attacker or allow
an attacker to run arbitrary code.
More info: http://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: This issue was found by Mozilla Security.
Mitigations:
Google Chrome no longer connects
to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4
hashing algorithms. These algorithms are considered weak and might
allow an attacker to spoof an invalid site as a valid HTTPS site.
More info: http://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: Medium. Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.
Credit: Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf
CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2
Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.
More info: See the CVE entries noted in this report.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original
discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project
at Codenomicon Ltd. The Google Chrome security team determined that
Chrome was affected.
Mitigations:
Jonathan Conradt
Engineering Program Manager |
下载:
