Google Patches 6 Serious Chrome Bugs
And adds more entries to Chrome’s SSL certificate blacklist as Comodo break-in makes news
By Gregg Keizer | March 25, 2011 12:06 PM ET
Computerworld – Google on Thursday patched six vulnerabilities in Chrome, and as usual, silently updated users’ copies of the browser.
The update to Chrome 10.0.648.204 also added two more entries to the browser’s blacklist, a move related to last week’s theft of nine digital certificates from a Comodo reseller.
All six bugs were rated “high,” Google’s second-most-serious ranking in its threat scoring system. Of the half-dozen bugs, two were “use after free” flaws — a type of memory management bug that can be exploited to inject attack code — while a second pair were pegged by Google as “stale pointer” vulnerabilities, another kind of memory allocation flaw.
As is Google’s practice, the company locked down its bug-tracking database, blocking access to the technical details of the patched vulnerabilities. Google usually unlocks the bug entries several weeks, sometimes months, later to give users time to update before the information goes public.
Research: Robert Cazares