• Total Posts: 28030
  • Total Topics: 8051
  • Online Today: 817
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Google Chrome Updates with Security Fixes (MD2 - MD4 hashing algorithms)  (Read 1967 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7151
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

A new version of Google Chrome currently pushing out via auto-update closes high-risk security holes in how the browser handles Javascript and XML.

The first fix for the browser's Javascript engine heads off a problem that could allow malicious Javascript on a poisoned Web site to steal data or "run arbitrary code," which usually translates to "install malware." Google says a (currently unavailable) post with more info on the bug will be made public "once a majority of users are up to date with the fix":

The other high-priority fix closes the door to a potential attack that could use malicious XML on a Web page to crash a Chrome tab process and run arbitrary code. The code would be run within Google's sandbox:
See CVE-2009-2414: and CVE-2009-2416: for more on the fixed bugs.

Finally, with this new Chrome update the browser will no longer connect to "HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms." Google's post says the algorithims are weak and could allow an attacker to present a fake HTTPS site as seemingly valid. As with the Javascript bug, Google says it will post more info on the medium-risk certificate flaw once a majority of users get the automatically distributed update:

For more details on the new update, see Google's blogspot post:


Samker's Computer Forum -


  • SCF Newbie
  • *
  • Posts: 4
  • KARMA: 0
    • Kerja Keras Adalah Energi Kita
that is good info, thanks  :)


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising