News

Google Releases Security Update for Chrome

Google today has released Chrome version 11.0.696.71 which fixes four vulnerabilities in its browser.

Two of the vulnerabilities, deemed "critical," relate to a memory corruption error in the GPU command buffer and an out-of-bounds write issue in blob handling. They were discovered by Google's internal security engineers.

A third vulnerability, labeled "high," related to a bug in code that handles dynamic memory. This "stale pointer" vulnerability could lead to data transfer when aliases are created for allocated memory. Martin Barbella, a researcher not associated with Google, discovered the flaw and was awarded $1,000 as part of the company's Chromium security program.

The final vulnerability fix, categorized as "low," patches an issue that can cause a bug to bypass the popup blocker.

While the holes have been outlined by Google, details of each problem and patch are being withheld until a majority of Chrome users have updated. Today's patch marks the second security update this month to Chrome's "stable" build.

The release of today's updated browser does not fix a zero-day sandbox vulnerability that a French security research team, Vupen, had announced it had discovered earlier in the month. Aside from a handful of Google engineers taking to Twitter to blame the hole on Adobe's Flash software, the company has yet to publicly comment on the issue, besides a statement saying it was unable to investigate the claim due to the fact that Vupen would not share the information outside its paying clients.  

Google Chrome, version 11.0.696.71 can be downloaded here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.