Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole. Chrome version 18.104.22.168 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's …
Bodes well for Google Chrome OS
From the official announcement of Chrome OS (http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html):
"And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work."
Why isn't there an English word for Schadenfraude?
@ David Heffernan
Very clever, made me smile anyway :-)
"Why isn't there an English word for Schadenfraude?"
There is - Doh!
I'm curious, how much damage could someone actually from the sandbox? Disk access? Unrestricted Memory access to the chrome processes space? Anyone have a link?
Misses the point of sandboxing
The point of the sandbox is that it generally prevents drive-by downloads. The sandbox works to stop any persistent changes to local disk. This makes bugs inside the Chrome sandbox relatively uninteresting. In the current economies, malware authors are targeting "Critical" vulnerabilities. Thanks to the sandbox, Chrome has relatively fewer of those.
Interesting balance of comments
"Critical security problem in browswer promoted as 'inherently secure'" - 4 comments
"Wales adopts wider use of average speed cameras" - 109 comments.
C'mopn guys, it's WALES. It's not as if anyone actually goes there.
AC to avoid the attentions of the Llu Llux Llan.
- Updated Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
- Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
- Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Android engineer: We DIDN'T copy Apple OR follow Samsung's orders