Just in two weeks, Google has to ship another version of its web browser Chrome and this time it has been done to fix some critical security holes in it and one of these holes has been found quite serious as it involves code execution risk on logged on user behalf.
Recently, we have also found reports of security vulnerabilities in Internet Explorer as well as in Chrome and now both these browsers sound one and the same for security issues.
A brief detail of these two fixes is as follow:
CVE-2009-1441: It’s quite critical indeed to suitably validate input from some renderer and through tab process it allows the attacker to crash this browser and run arbitrary code for the privileges of the user logging in. The vulnerability can be exploited by some attacker that would need to run arbitrary code in the process of rendering.
CVE-2009-1442: It poses a high risk and seems to show the failure in integrating multiplication to during image size computing and it will allow some crafted images or canvas that leads to tabs crashing and an attacker can execute arbitrary code during rendering the process.
A silent update of Google Chrome has been launched which indicates that patches have been done without even realizing its users.
