10/2/2009
Change Log:
Security Fixes:
CVE-2009-0689 dtoa() error parsing long floating point numbers
The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.
Mitigations:
* A victim would need to visit a page under an attacker's control.
* Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.
Download Link
博文
没有评论:
发表评论