CVE-2009-2121: Buffer overflow processing HTTP responses
Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.
More info: http://code.google.com/p/chromium/is...etail?id=14508 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.
Credit: This issue was found by the Google Chrome security team.
This release also fixes two other network issues:
- NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites (Issue 8771)
- Browser crash when loading some HTTPS sites (Issue 13226)
Google Chrome Program Manager
Download: Google Chrome 18.104.22.168