There is a rather large batch of critical Chrome Vulnerabilities in this weeks US CERT advisory report SB11-024. The CERT Advisories are part of a US Government effort to keep people informed of product security issues. Most of them have a factor of 9.3 to 10 out of 10, the highest possible which means if exploited on your computer it is likely that the attacker could gain access to your computer. The actual bulletins include PDF and HTML document handling, denial of service and unknown impacts that lead to “stale pointer”. This would most likely occur when accessing a website or a PDF file with a vulnerable version of the Chrome browser.
Who should care?
Do you use the Chrome Browser or Chrome OS? If you do then you should take action to confirm that you will not be vulnerable.
How to tell
With your Chrome Browser open click the small tool icon in the top right of the browser window pictured below:
Once the above drop-down menu appears click the “About Google Chrome” menu item. This will result in a screen that will tell you if your browser is up to date and what version it is running:
The critical piece of information is the green check mark at the bottom of the page. If Chrome is not update or in this case is a version older than 8.0.552 your browser is vulnerable and needs to be updated. In most cases Chrome will be up to date as it is configured to update automatically. This is actually one of the strengths of this browser platform.