Topic: Google Fixes 'critical' Security Hole in Chrome

[Samker]

Google has plugged a security vulnerability in its Chrome browser that the company considers critical.

The latest Chrome release -- version 2.0.172.33 -- fixes an issue that could let a malicious hacker carry out a buffer overflow attack, Google said Monday in an official blog: http://googlechromereleases.blogspot.com/2009/06/stable-beta-update-security-fix.html

If successful, the attack could allow the hacker to crash the browser and run code on a compromised machine with the privileges of the logged-on user.

To exploit the vulnerability, the hacker would have to involve "a specially crafted response from an HTTP server," according to Google, which didn't go into more specifics in the blog posting.

Google plans to provide more details about the vulnerability once a majority of Chrome users have patched their browsers. Chrome's internal security team discovered the flaw.

This latest version also fixes other bugs, including Chrome crashes when loading some HTTPS sites.

(PCW)