Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole. Chrome version 188.8.131.52 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's …
Bodes well for Google Chrome OS
From the official announcement of Chrome OS (http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html):
"And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work."
Why isn't there an English word for Schadenfraude?
@ David Heffernan
Very clever, made me smile anyway :-)
"Why isn't there an English word for Schadenfraude?"
There is - Doh!
I'm curious, how much damage could someone actually from the sandbox? Disk access? Unrestricted Memory access to the chrome processes space? Anyone have a link?
Misses the point of sandboxing
The point of the sandbox is that it generally prevents drive-by downloads. The sandbox works to stop any persistent changes to local disk. This makes bugs inside the Chrome sandbox relatively uninteresting. In the current economies, malware authors are targeting "Critical" vulnerabilities. Thanks to the sandbox, Chrome has relatively fewer of those.
Interesting balance of comments
"Critical security problem in browswer promoted as 'inherently secure'" - 4 comments
"Wales adopts wider use of average speed cameras" - 109 comments.
C'mopn guys, it's WALES. It's not as if anyone actually goes there.
AC to avoid the attentions of the Llu Llux Llan.
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Apple: We'll unleash OS X Yosemite beta on the MASSES July 24
- Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
- White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!