Google has pushed out another automatic Chrome browser update to fix multiple security issues that could expose users to hacker attacks.
Google Chrome 5.0.375.55, available for Windows, Mac and Linux, addresses at least two “high risk” vulnerabilities and several security-related denial-of-service crashes.
Here’s the skinny, from Google’s advisory:
- [7713] Medium-Risk: Canonicalize URLs closer to the Safe Browsing specification. Credit to Brett Wilson of the Chromium development community.
- [16535] High-Risk: Possible URL bar spoofing via unload event handlers. Credit to Michal Zalewski, Google Security Team.
- [30079] Medium-Risk: Memory error in Safe Browsing interaction. Credit to Google Chrome Security Team (SkyLined).
- [39740] Medium-Risk: Bypass of whitelist-mode plugin blocker. Credit to Darin Fisher of the Chromium development community.
- [41469] Medium-Risk: Memory error with drag + drop. Credit to kuzzcc.
- [42228] High-Risk: Incorrect execution of Javascript in the extension context. Credit to Andrey Kosyakov of the Chromium development community.
Technical details of the vulnerabilities will be kept under wraps until a majority of Chrome users are patched via the browser’s silent-updater mechanism.
In partnership with Adobe, Google plans to integrate Flash Player into the browser in a coming release.
