Tag: Google Chrome

New Chrome version released – 11.0.696.68

As expected, Google released its new version, v11.0.696.68, after VUPEN security researchers claimed to have pwned Chrome. The new version of Chrome ships with the updated Adobe Flash Player 10.3.

In reply to the claims of pwning Chrome, security researcher Dan Kaminsky said that if VUPEN used a vulnerability in Flash to bypass the sandbox, then it is not a Chrome hack alone. Another security researcher from Google, Tavis Ormandy, said in a Twitter post that “VUPEN misunderstood how sandboxing worked in chrome, and only had a flash bug.” Google is still investigating VUPEN's claims.

The new Chrome version addresses two high-risk security vulnerabilities – integer overflows in SVG filters and bad casts in Chromium WebKit glue – along with bug fixes in the Flash Player plug-in. Google also added the new ClearSiteData API to Chrome, so that users can manage and remove Flash cookies (Local Shared Objects).

Security Vulnerability found in Google Chrome Running on Windows

The main security features of Google Chrome, including the sandbox, ASLR and DEP, were simply bypassed by VUPEN security researchers. The vulnerability affects the latest version of Google Chrome (v11.0.696.65) for Windows.

The vulnerability affects all Windows-based computers running 32-bit as well as 64-bit versions of the OS. It was exploited just by making the user visit a specially prepared web page containing sophisticated code that executes various payloads to ultimately download and start any program. The program runs silently, without even crashing Google Chrome, after the payload executes. It launches outside the sandbox, but at medium integrity level. However, most malware today doesn’t necessarily need a high integrity level to run.

Since details of the vulnerability have not been published, Chrome users need not panic.

Latest Versions of Chrome and Firefox Released

Google released the latest version of Chrome (9.0.597.107) on Monday, fixing around 19 bugs. Within no time, Mozilla also came up with the latest version of Firefox (3.6.14).

Interestingly, these were released just before the Pwn2Own hacking contest (starting on March 9th). In 2010 as well, Google released version 4.1.249.1036 days before the contest, and Apple released updates for Safari in 2010 on almost the same timeline. In the 2010 Pwn2Own contest Google Chrome was the only browser left unhacked, alongside Internet Explorer 8, Firefox 3.6 (which led to the release of 3.6.4) and Safari 4.

This year too, after the release of the new version, Google is staying strong on Chrome and has even announced a direct bounty of $20,000 for hacking Chrome (on the first of the contest’s three days), apart from the regular contest reward.

On a side note, Mozilla Firefox version 4 has entered its final beta stage and is expected to be released by the end of this month.

Vulnerabilities Found in Google Chrome

Secunia has recently released a security advisory on Google Chrome asking users to update to the latest version (8.0.552.237) of the browser. According to the advisory, multiple vulnerabilities have been found in the browser that can be exploited by malicious people to manipulate certain data and potentially compromise a user’s system.

The vulnerabilities are as follows:
1) An unspecified error exists within the extensions notification handling.

2) A second unspecified error exists when handling pointers within node iteration.

3) A third unspecified error exists when printing multi-page PDF files.

4) An error when handling CSS and canvas can be exploited to reference a stale pointer.

5) An error when handling CSS and cursors can be exploited to reference a stale pointer.

6) A use-after-free error when handling PDF pages can be exploited to reference freed memory.

7) An error due to an out-of-memory condition when processing PDF files can be exploited to cause stack corruption.

8) An error when handling mismatched video frame sizes can be exploited to reference invalid memory.

9) An error when handling SVG “” elements can be exploited to reference a stale pointer.

10) An error when handling rogue extensions can be exploited to reference an uninitialised pointer.

11) An error within the Vorbis decoder can be exploited to cause a buffer overflow.

12) An error within PDF shading can be exploited to cause a buffer overflow.

13) An error when handling anchors may result in an incorrect type cast.

14) An error when handling videos may result in an incorrect type cast.

15) An error after removal of a DOM node may result in a stale rendering node.

16) An error when handling speech can be exploited to reference a stale pointer.

Procedure to check the version:
1. Click the Tools menu.
2. Select About Google Chrome.
3. If the version is not 8.0.552.237, click the Update button and restart the browser.