Google Fixes Critical Vulnerability in Chrome

After it has released Chrome 2.0.177.1 to the developer channel at the end of the past month, Google has also updated its stable release of the open-source browser. Google Chrome's Stable channel is now up to version 1.0.154.64, with the Mountain View-based search giant explaining that the latest release is designed to resolve two security vulnerabilities, one of which considered critical. Mark Larson, Google Chrome Program Manager, revealed that both of the security holes were identified via internal Google testing.

“CVE-2009-1441: Input validation error in the browser process - a failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process,” Larson stated.

In addition to the critical vulnerability fix, Chrome 1.0.154.64 also brings to the table Gears version 0.5.16.0. At the same time, Google has now made it easier for Chrome to be configured as the default browser. A new notification will be displayed for end users at startup, allowing them either to set Chrome as the default browser, or choose the option not to be asked again. The second security vulnerability fixed with this release involves an integer overflow in Skia 2D graphics.

“A failure to check the result of integer multiplication when computing image sizes could allow a specially-crafted image or canvas to cause a tab to crash and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process,” Larson said.

With Google Chrome 2.0.177.1, offered last week, Google focused on delivering bug fixes and tweaks to the browser's graphical user interface.

The latest Google Chrome releases are available for download here.