Chrome 4.0, estensioni e bookmark sync

[Supernino]

Google ha rilasciato l'ultima versione stabile del proprio browser: Chrome raggiunge ora la versione 4.0 e si arricchisce di nuove e interessanti funzionalità. L'annuncio, fatto sul blog ufficiale, offre anche un breve approfondimento relativo alle novità che Chrom 4.0 porta con sé, Extensions e bookmark sync.

Info

 

[ERCOLINO]

Google Chrome Multiple Vulnerabilities

Secunia Advisory: SA37769
Release Date: 2010-01-26

Critical:Highly critical
Impact: Security Bypass
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status: Unpatched

Software: Google Chrome 3.x


Description:
Some vulnerabilities and weaknesses have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, or compromise a user's system.

1) A use-after-free error when handling pop-up windows and navigating away from the current site can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 3.0.195.38. Other versions may also be affected.

2) An unspecified error can be exploited to bypass the pop-up blocker.

3) A design error in the handling of CSS stylesheets can be exploited to potentially disclose sensitive information from other domains.

4) An unspecified error allows XMLHttpRequests to directories.

5) An unspecified error exists related to escaping characters in shortcuts.

6) Unspecified errors exist related to drawing on canvases, which can corrupt memory.

7) An unspecified error exists during image decoding, which can corrupt memory.

8) An unspecified error exists, which may result in failure to strip "Referer".

9) An unspecified error affects cross-domain access.

10) An unspecified error exists in the deserialisation of bitmaps.

Solution:
Upgrade to version 4.0.249.78.

Bollettino Sicurezza

Dettagli

 

[pagnotz]

Lo uso dalla versione 2 e più passa il tempo più ho motivi per non cambiare, come leggerezza non ha confronti.

 

[Supernino]

Secunia Advisory: SA38545
Release Date: 2010-02-11

Criticality level: Highly critical
Impact: Manipulation of data
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

Software: Google Chrome 4.x

Description
Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or potentially compromise a user's system.

1) Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose potentially sensitive data.

2) Multiple integer overflow errors in the v8 engine can be exploited to potentially execute arbitrary code.

3) An unspecified error in the processing of "<ruby>" tags can be exploited to potentially execute arbitrary code.

4) An error when processing "<iframe>" tags can be exploited to disclose a redirection target.

5) An error in the password manager can be exploited to incorrectly fill the HTTP authentication dialog presented by another domain with authentication data for the current domain, and potentially disclose saved credentials.

6) An integer overflow error when deserializing a sandbox message can be exploited to potentially execute arbitrary code.

The vulnerabilities are reported in versions prior to 4.0.249.89.

Solution
Update to version 4.0.249.89

Bollettino Sicurezza