Google Chrome Updates with Security Fixes (MD2 - MD4 hashing algorithms)

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Samker]

A new version of Google Chrome currently pushing out via auto-update closes high-risk security holes in how the browser handles Javascript and XML.

The first fix for the browser's Javascript engine heads off a problem that could allow malicious Javascript on a poisoned Web site to steal data or "run arbitrary code," which usually translates to "install malware." Google says a (currently unavailable) post with more info on the bug will be made public "once a majority of users are up to date with the fix": http://code.google.com/p/chromium/issues/detail?id=18639

The other high-priority fix closes the door to a potential attack that could use malicious XML on a Web page to crash a Chrome tab process and run arbitrary code. The code would be run within Google's sandbox: http://dev.chromium.org/developers/design-documents/sandbox
See CVE-2009-2414: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 and CVE-2009-2416: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 for more on the fixed bugs.

Finally, with this new Chrome update the browser will no longer connect to "HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms." Google's post says the algorithims are weak and could allow an attacker to present a fake HTTPS site as seemingly valid. As with the Javascript bug, Google says it will post more info on the medium-risk certificate flaw once a majority of users get the automatically distributed update: http://code.google.com/p/chromium/issues/detail?id=18725

For more details on the new 2.0.172.43 update, see Google's blogspot post: http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

(PCW)

[wongsableng]

that is good info, thanks