ID: IRCNE2012031429
Date: 2012-03-10
According to Computerworld, Google has patched a critical Chrome vulnerability, disclosed Wednesday at the CanSecWest security conference in Vancouver, that can be exploited to escape from the browser's secure sandbox.
Russian security researcher Sergey Glazunov demonstrated a remote code-execution (RCE) exploit against a fully patched version of Chrome on Windows 7 as part of Google's Pwnium contest held at the conference.
Glazunov's exploit leveraged two Chrome vulnerabilities -- one that allows the execution of arbitrary code and one that bypasses the browser's much-touted security sandbox, which normally restricts such exploits.
Both vulnerabilities leveraged by Glazunov's exploit were fixed in Google Chrome 17.0.963.78, which was released on Thursday.
Because of Chrome's auto-update feature, users only need to restart their browsers to deploy the security fix. Organizations can deploy the important update by using the Google Update for enterprise policy.