Feeds

back to article Google Chrome update fills in parsing bug

Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole. Chrome version 3.0.195.24 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's …

COMMENTS

This topic is closed for new posts.
FAIL

Bodes well for Google Chrome OS

From the official announcement of Chrome OS (http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html):

"And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work."

Why isn't there an English word for Schadenfraude?

0
0
Happy

@ David Heffernan

Very clever, made me smile anyway :-)

"Why isn't there an English word for Schadenfraude?"

There is - Doh!

0
0

How damage

I'm curious, how much damage could someone actually from the sandbox? Disk access? Unrestricted Memory access to the chrome processes space? Anyone have a link?

0
0
Stop

Misses the point of sandboxing

The point of the sandbox is that it generally prevents drive-by downloads. The sandbox works to stop any persistent changes to local disk. This makes bugs inside the Chrome sandbox relatively uninteresting. In the current economies, malware authors are targeting "Critical" vulnerabilities. Thanks to the sandbox, Chrome has relatively fewer of those.

0
0
Anonymous Coward

Interesting balance of comments

"Critical security problem in browswer promoted as 'inherently secure'" - 4 comments

"Wales adopts wider use of average speed cameras" - 109 comments.

C'mopn guys, it's WALES. It's not as if anyone actually goes there.

AC to avoid the attentions of the Llu Llux Llan.

0
0
This topic is closed for new posts.