Technofriends

Google Chrome has released a latest update to its stable channel. The latest Google Chrome 2.0.172.43 fixes some important security issues. Below are the security issues fixed in the latest release of Google Chrome 2.0 channel.

CVE-2009-2935 Unauthorized memory read from Javascript

A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

Security Fix: Treat weak signatures as invalid

Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.

CVE-2009-2414  Stack consumption vulnerability in libxml2

CVE-2009-2416  Multiple use-after-free vulnerabilities in libxml2

Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

Checkout more details here.

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Related posts:

1. [Security] Google Chrome Release Fixes Severe Security Hole
2. Google Chrome Updates to 3.0.195.32 (Fixes Security and Stability bugs)
3. [Firefox] Firefox 3.5.2 Released (Fixes Several Security Issues)
4. Latest Google Chrome Update Fixes Hotmail issue with User Agent Hack
5. Firefox 3.5.3 Released (Fixes Security and Stability Issues)