Tag Archive: V8

Google Chrome 3.0.195.27 Released

Posted Oct.13, 2009 under Google, Google Chrome, Windows
Both the beta and stable channel have been updated to 3.0.195.27 and contain the following fixes:

Anthony Laforge
Google Chrome Program Manager

Download: Google Chrome 3.0.195.27

Tags: ,
Leave a Comment

Google Chrome 2.0.172.43 Released

Posted Aug.25, 2009 under Google, Google Chrome, Windows

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below.
CVE-2009-2935 Unauthorized memory read from Javascript

A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

More info: http://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: This issue was found by Mozilla Security.

Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Security Fix: Treat weak signatures as invalid

Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.

More info: http://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.

Credit: Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf

CVE-2009-2414 Stack consumption vulnerability in libxml2
CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2

Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

More info: See the CVE entries noted in this report.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. The Google Chrome security team determined that Chrome was affected.

Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Jonathan Conradt
Engineering Program Manager

Download: Google Chrome 2.0.172.43

Tags: , , , ,
Leave a Comment

Google Chrome 3.0.193.2 Released

Posted Jul.23, 2009 under Google, Google Chrome, Windows

Google Chrome 3.0.193.2 has been released to the Beta channel. Some principal changes release since 2.0.172.37:

  • Updated V8 to 1.2.13.2 to improve stability and performance.
  • Printing fixes and print selection for Windows.
  • Initial support for the video tag.
  • Updated look and feel of the url bar (aka the Omnibox).
  • Improved our Developer Tools by adding the scripts and profiles tabs, plus support for docking the inspector into the main window.

In addition to some minor UI changes:

  • Minor Tweaks renamed as “Personal Stuff” in the Options menu
  • Browsing data options added to the Options menu, under Personal Stuff.
  • Default download location and font/language settings moved from Minor Tweaks to the Under the hood tab
  • Exceptions is a tab in the “Passwords and Exceptions” dialog, rather than a separate button in the Passwords section of the Options menu.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.

Anthony Laforge
Google Chrome Program Manager

Download: Google Chrome 3.0.193.2

Tags: , , ,
Leave a Comment

Firefox 3.5 benchmarked, not as fast as Chrome

Posted Jul.01, 2009 under Firefox, Google

The results are in from benchmarks of Firefox 3.5, performed by ZDNet.

The benchmarks test all the main browsers from Google Chrome 2.0.172.33, Safari 4, Firefox 3.5, Firefox 3.0.5, Opera 10 Alpha and Internet Explorer 8. Each browser was put through three tests including SunSpider javascript benchmark, V8 Benchmark Suite and finally the ACID 3 test.

Firefox 3.5 was built for speed and performance, compared to previous versions of Firefox. Firefox 3.5 performed better than Firefox 3.0.5 and Internet Explorer 8 in all three categories.

From the graphs, it is clear to see that Google Chrome performed the best overall, followed shortly by Safari 4 and then Firefox 3.5. Firefox 3.5 scored a 93 on the ACID 3 test, falling shortly behind Google Chrome, Safari and Opera 10 alpha, all scoring a perfect 100.

Firefox 3.5 is fast and speedy, but it’s still lacking the speed of Google Chrome or Safari 4 in terms of performance benchmarks.

Tags: , , , , , ,
1 Comment

Enter your email address:

Delivered by FeedBurner