Chrome update completes busy browser patch week
Time for an industry patch day?
Posted in Software & Security, 12th June 2009 10:16 GMT
Google has pushed out an update designed to fix a pair of vulnerabilities involving the WebKit application framework that underpins its Chrome browser.
The more severe of the two is a "high risk" memory corruption flaw in WebKit, which creates a potential means for hackers to inject hostile code into the sandbox used by the browser. The second flaw is a less severe information disclosure risk in the Drag and Drop functionality built into WebKit.
Google's advisory can be found here.
The update completes a busy week on the browser security front with a significant cumulative update for Internet Explorer on Tuesday and a Firefox update on Thursday. In addition, Apple released a beta version of its Safari 4 browser earlier this week.
Outside the browser security arena, Adobe released the first of its scheduled patch updates on Tuesday, and FreeBSD dropped an update designed to defend against a stack-based buffer overflow that poses a potential code injection risk.
It's becoming more difficult for hard-pressed sysadmins to keep track of updates, especially when many arrive without any indication a fix is in development.
Some security patching experts, such as Andrew Storms, director of security operations at nCircle, advocate the creation of a general industry patching day to make the patching process easier to plan and manage, security blogger Ryan Naraine reports. ®