While working in parallel on a number of browser releases, Google has updated version 2.0 of Chrome, in a move to provide additional security to end users. In this context, users can now download Google Chrome Build 188.8.131.52. Version 2.0 of the open-source browser from Google is also the only stable version of Chrome. In parallel, the Mountain View-based search giant is also developing Chrome 3.0 and Chrome 4.0
, available through the Beta and the Developer channels, respectively.
As an integral part of the security enhancements and patches introduced by Google Chrome 184.108.40.206, the browser no longer plays nice with weak signatures, treating them as invalid instead. “Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site,” revealed Jonathan Conradt, engineering program manager. “Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates,” he warned
In addition, Google Chrome 220.127.116.11 patched a vulnerability associated with stack consumption in libxml2 and also multiple use-after-free vulnerabilities in libxml2. “Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected,” Conradt added. “A victim would need to visit a page under an attacker's control. Any code that an attacker might be able to run inside the renderer process would be inside the sandbox.”
End users are of course advised to download and install the latest release of Google Chrome as soon as possible. At the same time, it is recommended that they run 18.104.22.168 or later, and that only beta testers and developers use versions 3.0 and 4.0.
The latest release of Google Chrome is available for download here