La versione stabile di Chrome arriva a tre con la 3.0.195.21

Naviga SWZ: Home Page » News
News del 16 Settembre 09 Autore: Gianplugged
La versione stabile di Chrome arriva a tre con la 3.0.195.21
Google ha realizzato la prima versione stabile di Chrome con il numero 3: la 3.0.195.21.

La società di Mountain View ci è arrivata dopo 21 beta e 15 update della versione stabile, nonchè dopo 3.505 bugfix.

Chrome 3 non è molto più veloce della versione precedente che secondo Google dalla prima versione stabile a questa è stata comunque aumentata del 150%.

Chrome 3 comprende la pagina per le nuove tab in stile Safari, omnibox potenziato, migliori capacità HTML5 e il supporto ai temi.

Note di rilascio:

3.0.195.21 has graduated from Beta to the Stable channel today.

Thisrelease includes themes support, a brand new New Tab page, an updatedomnibox, support for audio and video tags, and a higher performing V8engine.

You can read more about it here.

Security Fixes:
Wewould like to extend special thanks to Will Dormann of CERT forworking with us to improve the security of the new audio and videocodecs in this release.
CVE-2009-XXXX  Content-Type: application/rss+xml being rendered as active content

Previously,we rendered RSS and Atom feeds as XML.  Because most other browsersrender these documents with dedicated feed previewers, some web sitesdo not sanitize their feeds for active content, such as
JavaScript.  In these cases, an attacker might be able to inject JavaScript into a target web site.

More info: http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium.  Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.

Credit: Inferno of SecureThoughts.com

Mitigations:

  • A victim would need to visit a page under an attacker´s control.
  • The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.

CVE-2009-XXXX  Same Origin Policy Bypass via getSVGDocument() method

ThegetSVGDocument method was lacking an access check, resulting ina cross-origin JavaScript capability leak.  A malicious website operator could use the leaked capability to inject JavaScript intoa target web site hosting an SVG document, bypassing thesame-origin policy.

More info: http://code.google.com/p/chromium/issues/detail?id=21338
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: High

Credit: Isaac Dawson

Mitigations:

  • A victim would need to visit a page under an attacker´s control.
  • The target web site would need to host an SVG document.

Inserisci un commento sul forum Commenta la News sul Forum

Voto:

Categoria: P2P e Web

Licenza: Open source

OS: Windows

La Community di SWZone.it

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum

Newsletter

Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter

NOTIZIE CORRELATE