Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
|
|||||||
Begin your free trial now
Pay-as-you-go options starting at $10/user/month
Pay-as-you-go options starting at $10/user/month
Google fixes two critical Chrome flaws
|
|
Thread Tools | Search this Thread |
|
#1
08-25-2009
|
||||
|
||||
|
Google fixes two critical Chrome flaws
Update: We mistakenly reported earlier that one of the flaws in the Chrome browser could have lead to system-wide code execution. As one of its most significant built-in security measures, the Chrome browser adds an extra layer of security for HTML rendering and JavaScript execution called the sandbox. In other words, while the reported vulnerability could have resulted in unauthorized code execution, it would have been confined to the boundaries of the sandbox, according to Google's release documentation.
Read the whole story |
|
|
#3
08-25-2009
|
||||
|
||||
|
doesn't Mozilla get its funding from Google? or did I misunderstand that in the past?
|
|
#4
08-25-2009
|
||||
|
||||
|
@red1776: Last I knew, the two had an agreement over Google being the default search provider for Firefox. I'm pretty sure they still have that locked down for a few years (unless something has changed). The last time I read anything about it (6+ months ago I believe) that deal made up some 80-90% of Mozilla's income.
|
|
#5
08-25-2009
|
||||
|
||||
|
Quote:
Through revenue that comes from search ads, Google supplied Mozilla with $66 million of its $75 million in 2007 revenue, the last year for which figures are publicly available. |
|
|
#6
08-25-2009
|
||||
|
||||
|
Quote:
i was just wondering then why it would be so 'interesting' that the Mozilla team would have discovered the flaw since they are financially joined ,and have a common interest in each others success. |
|
#7
08-26-2009
|
|||
|
|||
|
There are two problems with this article:
* The flaws are rated "High", not "Critical". Perhaps your choice of "critical" was casual, but as it's a meaningful security rating, it's misleading. * The flaws could not result in direct system compromise and arbitrary code execution because they were contained by the sandbox. Black hats would also need a flaw in the sandbox to break out of it, combined with one of these flaws, to do real damage. This is precisely why we created the sandbox: to provide defense in depth. --Peter Kasting, Chromium developer |
|
#8
08-26-2009
|
||||
|
||||
|
Quote:
|
|
#9
08-26-2009
|
|||
|
|||
|
I'm glad someone noticed the collaboration with Mozilla. There's a surprisingly large amount of behind-the-scenes collaboration between browser vendors. For example, this blog post illustrates some of the bi-directional sharing between Google and the other browser vendors:
http://googleonlinesecurity.blogspot.com/2009/07/improving-web-browser-security.html Chris Evans, Chrome Security Team |
|
#10
08-26-2009
|
||||
|
||||
|
@Guest (Peter) - Thank you for your feedback. We have updated the original post with a proper correction.
|
|
#11
08-26-2009
|
||||
|
||||
|
That's cool you saw the article and corrected it Peter.
|
 |
| Similar Topics | ||||
| Topic | Replies | Forum | ||
 Microsoft readies five critical fixes for Patch Tuesday
|
0 | TechSpot News and Comments | ||
|
Google Chrome
|
7 | Software Apps | ||
|
Apple fixes six-months-old critical Java bug
|
0 | TechSpot News and Comments | ||
|
Two Critical Fixes Top MS List for IE
|
4 | General Discussion | ||
| Thread Tools | Search this Thread |
|
|
All times are GMT -4. The time now is 07:23 AM.