Version 3.0.195.24 released to the stable channel

Oct 1, 2009 09:43 GMT

Google announced the availability of a security update for its Chrome browser. The newly released version, 3.0.195.24, addresses a serious vulnerability that could be remotely exploited by an attacker to execute arbitrary code.

The flaw patched by Google in its browser is not limited to Chrome. It is a memory corruption vulnerability discovered by Maksymilian Arciemowicz of SecurityReason in gdtoa, David Gay's string-to-floating-point conversion library, which is used by the C libraries of many BSD systems. "The main problem exists in new dtoa implementation," which brings better C99 support to printf(3) and other functions, the researcher writes.

This vulnerability was discovered back in May and was disclosed in June as affecting the most recent OpenBSD, NetBSD and FreeBSD releases. "The software fails to properly bounds-check data used as an array index. Attackers may exploit this issue to execute arbitrary code within the context of affected applications," a SecurityFocus advisory reads.

Even though Google Chrome is only available for the Windows operating system, and therefore does not use a BSD libc at all, its V8 JavaScript engine bundles a dtoa() implementation of its own, which it uses when converting strings into floating point numbers. The Google Chrome Security Team determined that this implementation is vulnerable to the same attack described by Mr. Arciemowicz.
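The advisory language above ("fails to properly bounds-check data used as an array index") and the note that V8 parses numeric strings with its own dtoa() are easier to reason about with a concrete model. The following is an added illustration, not gdtoa or V8 source: a cut-down, hypothetical dtoa-style bignum allocator in which a size class k, derived from the number of digits in the string being converted, is used as an index into a fixed-size freelist. The unchecked form trusts k; the hardened form keeps oversized classes off the freelist entirely. KMAX, the bits-per-digit estimate and the helper names are assumptions chosen for the example.

```c
/* Added illustration (not gdtoa or V8 code): a simplified dtoa-style
 * Bigint allocator whose freelist is indexed by a size class k. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KMAX 7            /* assumption: freelist has size classes 0..KMAX */
#define WORD_BITS 32

typedef struct Bigint {
    struct Bigint *next;  /* freelist link */
    int k;                /* size class: capacity is 1 << k words */
    int maxwds;           /* capacity in words */
    unsigned int x[1];    /* first word of the digit array */
} Bigint;

static Bigint *freelist[KMAX + 1];   /* one list per size class */

/* Smallest k such that 1 << k words can hold ndigits decimal digits
 * (roughly 3.33 bits per digit, rounded up conservatively). */
int size_class_for_digits(size_t ndigits)
{
    size_t bits  = ndigits * 10 / 3 + 1;
    size_t words = (bits + WORD_BITS - 1) / WORD_BITS;
    int k = 0;
    while (((size_t)1 << k) < words)
        k++;
    return k;
}

/* Count mantissa digits in a decimal literal such as "123.456e7". */
size_t count_mantissa_digits(const char *s)
{
    size_t n = 0;
    for (; *s && *s != 'e' && *s != 'E'; s++)
        if (isdigit((unsigned char)*s))
            n++;
    return n;
}

static Bigint *new_block(int k)
{
    int words = 1 << k;
    Bigint *b = malloc(sizeof(Bigint) + (size_t)(words - 1) * sizeof(unsigned int));
    if (!b) return NULL;
    b->next = NULL;
    b->k = k;
    b->maxwds = words;
    return b;
}

/* The defective pattern: k is used as an index into freelist[] with no
 * upper bound, so a long enough input string drives k past KMAX and the
 * read/write lands outside the array. Shown only; never called here. */
Bigint *balloc_unchecked(int k)
{
    Bigint *rv = freelist[k];            /* out of bounds when k > KMAX */
    if (rv) { freelist[k] = rv->next; return rv; }
    return new_block(k);
}

/* Hardened form: the freelist is touched only for classes it can hold;
 * larger requests go straight to malloc and are never cached. */
Bigint *balloc_checked(int k)
{
    if (k < 0) return NULL;
    if (k <= KMAX && freelist[k]) {
        Bigint *rv = freelist[k];
        freelist[k] = rv->next;
        return rv;
    }
    return new_block(k);
}

/* Matching free: oversized blocks are released, not pushed on a list. */
void bfree_checked(Bigint *b)
{
    if (!b) return;
    if (b->k > KMAX) { free(b); return; }
    b->next = freelist[b->k];
    freelist[b->k] = b;
}

/* Self-check: a block freed into a valid class is handed out again. */
int freelist_reuses_block(void)
{
    Bigint *a = balloc_checked(2);
    if (!a) return 0;
    bfree_checked(a);
    Bigint *b = balloc_checked(2);
    int same = (a == b);
    bfree_checked(b);
    return same;
}

/* Self-check: a class beyond KMAX is served without indexing freelist[]. */
int large_class_bypasses_freelist(void)
{
    int k = KMAX + 4;
    Bigint *b = balloc_checked(k);
    if (!b || b->k != k || b->maxwds != (1 << k)) return 0;
    bfree_checked(b);
    return 1;
}

int main(void)
{
    char *huge = malloc(10001);          /* constructed 10000-digit literal */
    if (!huge) return 1;
    memset(huge, '9', 10000);
    huge[10000] = '\0';
    printf("\"3.14159\" -> k=%d (KMAX=%d)\n",
           size_class_for_digits(count_mantissa_digits("3.14159")), KMAX);
    printf("10000-digit literal -> k=%d, past the freelist if unchecked\n",
           size_class_for_digits(count_mantissa_digits(huge)));
    free(huge);
    return 0;
}
```

The point of the model is where the trust boundary sits: the size class is a function of untrusted input length, so any table indexed by it must be guarded at the index, not at the caller. The hardened allocator mirrors the general remedy of keeping out-of-range classes off the cached list rather than widening the array, since an attacker can always supply more digits than any fixed table anticipates.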

The Google advisory notes that a potential attacker can lure a user to a maliciously crafted Web page under the attacker's control in order to exploit this vulnerability and execute arbitrary code. A severity ranking of "high" was assigned to this issue; however, it is stressed that "Any code that an attacker might be able to run inside the renderer process would be inside the sandbox." In practice this means a renderer compromise would still have to be chained with a separate sandbox escape before it could reach the rest of the system.

Sandboxing is a model where code is executed inside a restricted environment in order to prevent it from altering critical aspects of the operating system or accessing its sensitive resources. In Chrome, each renderer runs in such a sandbox as a target process, started with a restricted token and confined by a job object, so it cannot freely open files, touch the registry or reach other processes through the Windows API. Sensitive operations are instead intercepted and forwarded to the broker, the main browser process, which checks them against its policy and decides whether to perform them on the target's behalf or refuse them.

Google Chrome 3.0.195.24 Stable can be downloaded from our secure servers.