Tech2know

Google has released new security fixes for its Google chrome 2.0.172.43 and has released the same to Stable channel. Below are the fixes :

1) CVE-2009-2935 Unauthorized memory read from Javascript

A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

2) Security Fix: Treat weak signatures as invalid

Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.

3) CVE-2009-2414  Stack consumption vulnerability in libxml2

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

4) CVE-2009-2416  Multiple use-after-free vulnerabilities in libxml2

Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

Click here for detailed information.

The easiest way to stay informed about everything on Tech2know is to go for at lease one of below options :

Subscribe to my RSS feed / Subscribe by E Mail / Follow me on twitter /Become a fan on Facebook.

Stay tuned for more.

Related posts:

1. Google announces Chrome OS
2. Feed Not Displaying/Appearing Properly in Google Chrome, Try RSS Subscription Extension by Google
3. Mozilla releases three critical updats for Firefox
4. Orkut Chrome Extension – Receive Orkut Updates and Scrap Notifications
5. Mozilla released security updates for Firefox 3.5.2 and 3.0.13