14 DAY TRIAL // Google has updated its Beta and Stable channels of Chrome with a new release. Google Chrome 2.0.172.33 is now available for download and it is designed to resolve a Critical security issue that, in the context of a successful exploit, could allow an attacker to perform remote code execution on a victim's PC.
Google has yet to make details on the security flaw public. However, the Mountain View-based search giant indicated that it would offer all the information on the update as long as the users currently running either the Beta or the Stable versions of Chrome updated to the latest build made available.
“CVE-2009-2121: Buffer overflow processing HTTP responses - Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code,” informed Mark Larson, Google Chrome Program Manager. “Severity: Critical. An attacker might be able to run code with the privileges of the logged on user. Credit: This issue was found by the Google Chrome security team.”
In addition to the buffer overflow security vulnerability, the Chrome 2.0.172.33 update is designed to fix two additional issues with Google's open source browser. According to Larson, both problems resolved by the latest refresh are network-related. “This release also fixes two other network issues: NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites; and browser crash when loading some HTTPS sites.”
Last week, Google updated the Chrome developer channel to version 3.0.189.0, with a focus on reliability. While tending to the evolution of 2.0 and 3.0 builds in parallel, the Mountain View-based search giant is flaunting a much more agile development process compared to browser market heavyweights such as Microsoft, Mozilla and Opera.
The latest release of Google Chrome is available for download here.