Google patches critical Chrome code flaw

The first security patch for Google’s new Chrome browser is out, fixing at least two “critical” vulnerabilities that put Windows users at risk of code execution attacks.

Google Chrome version 0.2.149.29 was released on 5 September 2008, and
all users are being automatically updated. Automatic updates are a key
security feature in helping to ensure the safety of Google Chrome
users.

This is a security and bug fix update, with no new functionality.

Security Updates:

– Fix a buffer overflow vulnerability in handling long filenames
that display in the Save As… dialog. This is a critical risk that could
lead to execution of arbitrary code.
– Issue: http://code.google.com/p/chromium/issues/detail?id=1414
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1766

– Fix a buffer overflow vulnerability in handling link targets
displayed in the status area when the user hovers over a link. This is a
critical risk that could lead to execution of arbitrary code.
– Issue: reported internally to Google
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1797

– Fix an out-of-bounds memory read when parsing URLs ending with :%.
This is a low risk that can be used to crash the entire browser, possibly
causing loss of data in the current session.
– Issue: http://code.google.com/p/chromium/issues/detail?id=122
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1760

– Change the default Downloads directory if it is set to Desktop,
and ensure that Desktop cannot be the default. This mitigates the risk of
malicious cluttering of the desktop with unwanted downloads, which can
lead to executing unwanted files.
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1793

Other changes:

– Fix a couple of data transfer issues with the Safe Browsing service causing
unnecessary traffic.
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1762

– Fix a JavaScript bug that affected facebook.com. The fix properly
handles negative indices when using for…in.
– Issue: http://code.google.com/p/chromium/issues/detail?id=131
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1763

– Fix search suggestions not working properly for http://search.daum.net/,
http://search.empas.com/, http://meta.ua/, http://search.naver.com/, and
http://search.yahoo.com/ on several non-United States sites.
– Fix: http://src.chromium.org/viewvc/chrome?view=rev&revision=1759

ZDNET