Google patches severe Chrome vulnerabilities

Maliciously crafted JavaScript and XML could let an attacker take over a person's computer through the stable version of Chrome, Google warns.

Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person's computer.

With one attack on Google's V8 JavaScript engine, malicious JavaScript on a Web site could let an attacker gain access to sensitive data or run arbitrary code on the computer within a Chrome protected area called the sandbox, Google said in a blog post Tuesday. With the other, a page with XML-encoded information could cause a browser tab crash that could let an attacker run arbitrary code within the sandbox.

Chrome 2.0.172.43 (click to download for Windows) fixes the issues and another medium-severity issue. Once Chrome is installed, it retrieves updates automatically and applies them when people restart the browser.

Google won't release details of the vulnerabilities until "a majority of users are up to date with the fix," Engineering Program Manager Jonathan Conradt said in the blog post.

About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Find Your Tech Type

Take our tech personality quiz and enter for a chance to win* high-tech specs!