Google Releases Chrome Update

By Author: eccuni
Total Articles: 211
Comment this article

In yet another update, Chrome stable and beta channels have been updated to 10.0.648.204. The latest update mitigates six vulnerabilities identified by various security researchers, and resolves performance and stability issues. The update also includes support for password manager on Linux.

The release patches a buffer error in base string handling first identified by Alex Turpin. Security professionals at Google have resolved stale pointer in handling of Cascading Style Sheets (CSS) and SVG text handling, both identified by Sergey Glazunov. The update fixes a DOM tree corruption issue with broken node parentage. Use-after-free issues in the frame loader and HTML collection have been mitigated in the new Chrome channel. While the issue with frame loader was detected by Sławomir Błażek, Sergey Glazunov identified the issue with HTML collection. Use-after-free issue takes place, when memory is deallocated, but regained later. All the six vulnerabilities have been rated as high-risk. Google rates bugs as critical, high, medium and low. According to the company’s severity policy, those vulnerabilities ...
... are rated as high, which enable an attacker to gain access or modify confidential information on a website, allow execution of arbitrary code in sandbox, interference with browser security features and issues in sandbox implementation.

Vulnerabilities in software products are exploited by attackers to breach the security of computers and websites. Coding errors, compatibility issues and other human errors may result in vulnerabilities in software products. IT professionals could be encouraged to undertake refresher courses, secured programmer certification and other online university degree programs to improve their technical skills.

Usually, developers evaluate the strength of products through penetration testing. Google encourages security researchers to identify and report vulnerabilities, before their exploitation by the attackers. The researchers are awarded a cash prize under the company’s vulnerability rewards program. Sergey Glazunov received a total bounty of $7,000 for reporting four vulnerabilities.

The new version of chrome would be automatically updated. However, those users, who have not enabled automatic updates for the browser, must update the browser to avoid exploitation of vulnerabilities. Video tutorials, online degree and e-learning programs could help in creating cyber security awareness among individuals.

Hiring security professionals qualified in masters of security science and computer degree programs may enable organizations to keep track of the security updates and timely application of appropriate patches.