Google Updates Chrome Browser With Security Fixes, PDF Viewer
In addition, the latest version of Google's browser, Chrome 8, contains a built-in PDF viewer with security features in the Chrome sandbox.
The PDF viewer will enable users to open and view PDF’s securely within a framework that compartmentalizes running programs, preventing users from being subjected to numerous Adobe updates, according to Google..
At least five of the security fixes were labeled with a ranking of "high risk," indicating that the security glitches could possibly be exploited by hackers to initiate remote code execution to access a user's system or crash their computer.
Included in the Google Chrome patch load were several "use after free" errors, glitches caused after memory has been freed, which can cause an application crash or enable hackers to launch remote code execution attacks on victims' computers.
Google warned that use after free errors were found in its Chrome browser's history handling, SVG animations and in the mouse dragging event handling feature, as well as a double free vulnerability in the handling of XPath.
Another vulnerability considered high risk included a malformed video leading to a crash caused by bad indexing.
In addition, another memory corruption error enabled hackers to launch malicious privileged extension attacks, which Google ranked with a severity ranking of Medium.
Other flaws that Google rated with the slightly less severe tag of "Medium" risk included a cross-origin video theft canvas flaw, as well as updating its "dangerous file types" list with the Windows platforms.
Some of the flaws Google ranked with a Low risk severity ranking included a possible pop-up blocker bypass glitch, and two flaws that enabled a potential browser crashes, with HTML5 databases and with HTTP proxy authentication, respectively.