In one of my earlier posts, I have highlighted about a DoS vulnerability on Google Chrome's Inspect Element feature wherein a specially crafted page can cause all Chrome windows (not just tabs!) to crash. Google has released a patch to fix this and a few other vulnerabilities as mentioned in the update's Release Notes.
The milw0rm exploit, Shinook's Chrome exploit, and even Aviv Raff's carpet-bombing flaw exploit appear to have no effect on this updated version. An earlier patch, 0.2.149.27, was still vulnerable to the carpet-bombing exploit before the .29 update was released. The good? Google was able to release the patch in a timely manner, in fact, just hours (or was it a day) after the first vulnerabilities were made public. The bad? The update was done without even notifying the user. I still prefer to know what is being installed on my computer irregardless of whether it is fixing a vulnerability or not, hear Google?
No comments:
Post a Comment