Google’s Chrome web browser may be some way off dominating the competitive browser market, but it still has its ardent fans.
Those users should be aware that Google has released a new version of its Chrome web browser which fixes a number of security vulnerabilities.
Version 2.0.172.43 of Chrome fixes a high severity flaw in the V8 JavaScript engine which would allow maliciously-crafted JavaScript on a webpage to read unauthorised memory, bypassing security checks. It is possible that this could lead to unauthorised data being disclosed to an attacker or allow a malicious hacker to run code on your computer. Google has said it will make more details of the issue available once the majority of users are patched.
In addition, the update fixes another flaw labelled “high severity”, whereby webpages using XML can cause a Google Chrome tab process to crash. Google says that this update prevents hackers from being able to exploit this vulnerability to run arbitrary code inside the Chrome sandbox.
Finally, the new version of Google Chrome will no longer connect to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
More details of the latest update to Google Chrome are available on the Chrome Release blog. The update is being rolled out automatically to Chrome users.
Chrome is nothing like as widely used as Internet Explorer or Firefox: the latest monthly stats about visitors to the Clu-blog tell me that 4.45% of you are using Chrome, as opposed to 44.3% on Internet Explorer and 37.36% on Firefox, while Safari lies in third place at 10.29%. Even so, it’s perfectly possible that users inside your organisation have unilaterally chosen to use Chrome as their default browser if you haven’t implemented a policy to control which program your staff use to surf the net.