ReadWriteWeb

Uh-oh! Time to Patch Google Chrome

Written by Sarah Perez / April 27, 2009 7:26 AM / 3 Comments
« Prior Post Next Post »

Earlier this month, a problem was discovered in Google's new web browser, Google Chrome, that would have allowed an attacker to launch and run scripts on a compromised machine. The issue, originally discovered by Roi Saltzman of the IBM Rational Application Security Research Group, had been given a security rating of "high." Interestingly enough, although the attack takes advantage of security issues in Google Chrome, the initial entry point for the malicious code would have taken place in Internet Explorer.

Goolge has now released a patch for this issue. If you want to make sure your browser is up-to-date, click through for the instructions.

About the Security Issue(s)

According to researcher, Roi Saltzman, a malicious attacker can use three separate issues in parts of Chrome to create attacks that endanger users who surf to a malicious web site using Internet Explorer. Chrome program manager, Mark Larson, explains that the flaw could have caused Google Chrome to "launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice." (Yes, it seems that to get the malicious code working, a user would still need to be surfing with IE.)

How to Fix Your Copy of Chrome

Now that a patch is available, you can update Google Chrome on your own. Even if you never run IE, it's always a good idea to have the latest version of Chrome installed. Although Google says that the browser will update itself automatically, on my machine, the update had not yet taken place on my ever-open copy of Chrome - I had to force the update manually.

If you want to do the same, you'll need to first click on the Settings menu in Chrome. This is the menu to the right of the address bar which is identified with an icon resembling a wrench. In that menu, click the option "About Google Chrome." If you need the update, it will begin automatically. Once complete, you'll be prompted to close and then reopen the browser for the update to finish installing.

about_google_chrome.png

To be extra sure that the update took, you can return to that menu option after relaunching Chrome and make sure that the version number reads 1.0.154.59.

« Prior Post Next Post »
Posted in and tagged with
  • Comment
  • Print This
  • Digg
  • ShareShare

Related Entries


Comments

Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts

  1. Does the newest version work OK on a Novel Netware machine. I've got install rights, but it would only stay on my machine for a single session. Google suggested I wasn't the only person with that issue!

    Posted by: Emma | April 27, 2009 8:43 AM



  2. The best way to update is replace your Chrome with Firefox 3.0.9!

    Chrome always "beta", so it is really necessary update...daily! I love Google but Chrome is exception!

    Posted by: www.manysoft.net | April 27, 2009 5:42 PM



  3. But the screenshot says 1.0.154.53 and also that Google Chrome has been updated.

    So is it ...53 or ...59?

    Posted by: Rameez Nooruddin Posted on FriendFeed   | April 28, 2009 1:03 PM



Leave a comment

Optional: Sign in with Connect Facebook   Sign in with Twitter Twitter   Sign in with OpenID OpenID  |  

If you think Twitter is big, check out the Real-Time Web
RWW SPONSORS



FOLLOW @RWW ON TWITTER

ReadWriteWeb on Facebook
ReadWriteCloud - Sponsored by VMware and Intel



POPULAR TAGS

TEXT LINK ADS



RWW PARTNERS