Google closes vulnerabilities in Chrome 3
In addition to a number of stability fixes, the stable channel update fixes a bug that could lead to possible memory corruption in the Gears plug-in
Google has released version 3.0.195.32 of Chrome, a security update that addresses a high-risk vulnerability in its WebKit-based browser. In addition to a number of stability fixes, the stable channel update fixes a bug that could lead to possible memory corruption in the Gears plug-in. For an attack to be successful, a victim would have to visit a site under the attacker's control and give that site access to Gears. The attacker could then place the Gears SQL metadata into a bad state which, in turn, would cause memory corruption that could crash the Gears plug-in or allow arbitrary code execution.
The latest stable release also corrects a medium-risk bug that prevents a user from being warned about possibly dangerous file types, such as SVG, MHT and XML files, which could lead to the execution of JavaScript with access to local resources. Google is currently withholding further details of the vulnerabilities until "a majority of users are up to date with the fix", but has provided links to the withheld items in the issue tracker for the JavaScript and Gears SQL problems. Other changes include fixes for issues with Adobe Acrobat Reader 9.2 that would cause no content to be displayed, an infinite loop in AAC decoding, and a problem that would sometimes eat 100 per cent of the CPU.