Google Fixes Chrome Hole, Again

Friday, November 18, 2011 @ 02:11 PM gHale


Here we go again: Google has updated its Chrome browser, this time fixing a high-risk vulnerability in the V8 JavaScript engine.

That flaw is the only one Google fixed in this update. The vulnerability in the V8 engine is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution. The researcher who discovered the bug, Christian Holler, received a $1,000 reward from Google for the report.

The company has been doing rolling updates for Chrome, and it’s not unusual for there to be several separate updates within a month or six-week period. Google fixes vulnerabilities in the browser as patches become available, which gives the company an advantage in terms of speed. The rolling patch schedule means Google doesn’t have to wait for a monthly scheduled release, and neither do its users.

This is the second security update for Chrome in the last week.

Last Thursday the company fixed seven vulnerabilities, including five high-risk ones. It’s rare for Google to release an update for Chrome to fix just a single bug, but given the ubiquity of JavaScript these days and its frequent use as an attack vector, the bug could be a serious one.


