We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google Chrome users get security update

Auto-fix closes high-risk vulnerabilities

A new version of Google Chrome currently pushing out via auto-update closes high-risk security holes in how the browser handles Javascript and XML.

The first fix for the browser's Javascript engine heads off a problem that could allow malicious Javascript on a poisoned website to steal data or "run arbitrary code", which usually translates to "install malware". Google says a (currently unavailable) post with more info on the bug will be made public "once a majority of users are up to date with the fix".

The other high-priority fix closes the door to a potential attack that could use malicious XML on a web page to crash a Chrome tab process and run arbitrary code. The code would be run within Google's sandbox. See CVE-2009-2414 and CVE-2009-2416 for more on the fixed bugs.

Finally, with this new Chrome update the browser will no longer connect to "HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms".

Google's post says the algorithims are weak and could allow an attacker to present a fake HTTPS site as seemingly valid. As with the Javascript bug, Google says it will post more info on the medium-risk certificate flaw once a majority of users get the automatically distributed update.

For more details on the new 2.0.172.43 update, see Google's blogspot post.

See also:

Google Chrome review

PC World US magazine


IDG UK Sites

Samsung Galaxy Note 4 review: Great if you like big, expensive phones

IDG UK Sites

Why Sony's PS4 2.0 update is every gamer's dream (well, mine at least)

IDG UK Sites

This Grolsch ad combines stop-motion & CG for majestic results

IDG UK Sites

Apple rumours and predictions for 2015: What to expect from Apple in 2015