A security research center in China has
flagged security vulnerabilities in Google's Chrome browser that can
allow attackers to remotely control a user's browser, said a report.
The three flaws were discovered by China's National Computer Network's Intrusion Protection Center, Xinhua reported, adding that the Internet company confirmed the loopholes and classified them as "high-risk".
According to the Chinese news agency, two of the Chrome vulnerabilities are related to the handling of XPath language. When the browser does not process certain XPath queries appropriately, it will lead to the same memory area to perform the release operation twice.
The third involves the SQL query operation of the Web SQL Database. When the error occurs, it can lead to the browser to write memory in past its boundary, said the report.
Both types of errors can undermine the key data structure in the system memory, allowing the attackers to execute arbitrary codes from the browser sandbox. This can compromise the user's privacy and personal information.
According to Xinhua, Google has released 14.0.835.163 version of Chrome to fix the vulnerabilities.
The three flaws were discovered by China's National Computer Network's Intrusion Protection Center, Xinhua reported, adding that the Internet company confirmed the loopholes and classified them as "high-risk".
According to the Chinese news agency, two of the Chrome vulnerabilities are related to the handling of XPath language. When the browser does not process certain XPath queries appropriately, it will lead to the same memory area to perform the release operation twice.
The third involves the SQL query operation of the Web SQL Database. When the error occurs, it can lead to the browser to write memory in past its boundary, said the report.
Both types of errors can undermine the key data structure in the system memory, allowing the attackers to execute arbitrary codes from the browser sandbox. This can compromise the user's privacy and personal information.
According to Xinhua, Google has released 14.0.835.163 version of Chrome to fix the vulnerabilities.
No comments:
Post a Comment