tag:www.readwriteweb.com,2011:/1/tag:www.readwriteweb.com,2009://1.14806- 2011-08-16T17:23:46Z Comments for Uh-oh! Time to Patch Google Chrome Movable Type 4.35-en tag:www.readwriteweb.com,2009://1.14806 2009-04-27T14:26:46Z 2009-04-27T19:14:19Z Uh-oh! Time to Patch Google Chrome Earlier this month, a problem was discovered in Google's new web browser, Google Chrome, that would have allowed an attacker to launch and run scripts on a compromised machine. The issue, originally discovered by Roi Saltzman of the IBM Rational Application Security Research Group, had been given a security rating of "high." Interestingly enough, although... Sarah Perez Earlier this month, a problem was discovered in Google's new web browser, Google Chrome, that would have allowed an attacker to launch and run scripts on a compromised machine. The issue, originally discovered by Roi Saltzman of the IBM Rational Application Security Research Group, had been given a security rating of "high." Interestingly enough, although the attack takes advantage of security issues in Google Chrome, the initial entry point for the malicious code would have taken place in Internet Explorer.

Goolge has now released a patch for this issue. If you want to make sure your browser is up-to-date, click through for the instructions.

]]> About the Security Issue(s)

According to researcher, Roi Saltzman, a malicious attacker can use three separate issues in parts of Chrome to create attacks that endanger users who surf to a malicious web site using Internet Explorer. Chrome program manager, Mark Larson, explains that the flaw could have caused Google Chrome to "launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice." (Yes, it seems that to get the malicious code working, a user would still need to be surfing with IE.)

How to Fix Your Copy of Chrome

Now that a patch is available, you can update Google Chrome on your own. Even if you never run IE, it's always a good idea to have the latest version of Chrome installed. Although Google says that the browser will update itself automatically, on my machine, the update had not yet taken place on my ever-open copy of Chrome - I had to force the update manually.

If you want to do the same, you'll need to first click on the Settings menu in Chrome. This is the menu to the right of the address bar which is identified with an icon resembling a wrench. In that menu, click the option "About Google Chrome." If you need the update, it will begin automatically. Once complete, you'll be prompted to close and then reopen the browser for the update to finish installing.

about_google_chrome.png

To be extra sure that the update took, you can return to that menu option after relaunching Chrome and make sure that the version number reads 1.0.154.59.

]]> tag:www.readwriteweb.com,2009://1.14806-comment:135712 Comment from Rameez Nooruddin on 2009-04-28 Rameez Nooruddin http://friendfeed.com/remz But the screenshot says 1.0.154.53 and also that Google Chrome has been updated.

So is it ...53 or ...59?

]]> 2009-04-28T20:03:47Z tag:www.readwriteweb.com,2009://1.14806-comment:135582 Comment from www.manysoft.net on 2009-04-27 www.manysoft.net http://www.manysoft.net The best way to update is replace your Chrome with Firefox 3.0.9!

Chrome always "beta", so it is really necessary update...daily! I love Google but Chrome is exception!

]]> 2009-04-28T00:42:15Z tag:www.readwriteweb.com,2009://1.14806-comment:135471 Comment from Emma on 2009-04-27 Emma Does the newest version work OK on a Novel Netware machine. I've got install rights, but it would only stay on my machine for a single session. Google suggested I wasn't the only person with that issue!

]]> 2009-04-27T15:43:52Z