Google has released Chrome 16, a new stable version of its Web browser that addresses 15 high- and medium-risk vulnerabilities.
Four of the security flaws patched in this release stem from errors in Chrome’s built-in PDF parser, which is based on Foxit’s PDF SDK (software development kit).
Two of them have a medium severity rating and allow attackers to access parts of the system memory that weren’t allocated to the program. This can result in the exposure of sensitive information.
The other two allow attackers to execute arbitrary code by tricking victims into opening maliciously crafted PDF files and have a high severity rating.
In total, there were six high-risk, seven medium-risk and two low-risk vulnerabilities patched in Chrome 16. Seven of them were discovered by Chromium developers and members of the Chrome and Google Security Teams, while the rest were found by external researchers who earned US$6,000 through the Chromium Security Reward program for their reports.
Six vulnerabilities were discovered with the help of an open-source tool called AddressSanitizer, Google Chrome engineer Anthony Laforge said in a blog post.
However, while the arbitrary code execution and unauthorized memory access flaws pose a serious risk in theory, their actual impact is severely reduced by Google Chrome’s sandbox.
Sandboxing is an anti-exploitation technology that isolates potentially vulnerable components, like those used for content parsing, from the operating system. These components gain access to system resources through a special brokering process that’s easier to keep free of bugs.
As a result, if an attacker exploits, for example, a Chrome PDF handling vulnerability, their actions are restricted to the sandboxed environment and they can’t execute arbitrary code on the actual system.
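The broker design described above, as an added example that is not Chrome's code: a separate, unprivileged parser process holds no file handles of its own and must ask a privileged broker for every resource, and the broker applies an allow-list policy before touching the file system. The function names (`broker_policy`, `broker_loop`, `parser_worker`, `run_sandboxed_parse`) and the single-directory read policy are assumptions made for this illustration. In a real sandbox the operating system enforces the boundary (restricted tokens, seccomp filters, namespaces); this example models only the brokering layer, so it shows the policy check, not the OS-level confinement.

```python
"""Broker / sandbox pattern demonstration (added example, not Chrome's code).

The untrusted parser runs in a child process and never opens files itself.
Every read goes to the broker (the parent) as a message; the broker checks
the request against an allow-listed directory and only then performs the
read. A crash in the parser closes the pipe and is reported, not fatal.
"""
import multiprocessing as mp
import os
import tempfile

# Fork keeps this example self-contained (no re-import of the module in the
# child); fall back to the platform default where fork is unavailable.
CTX = mp.get_context("fork") if hasattr(os, "fork") else mp.get_context()

# Constructed sample document the parser is allowed to read.
SAMPLE_PDF = b"%PDF-1.4 constructed sample\n"


def broker_policy(requested, allowed_dir):
    """Return the canonical path if it lies inside allowed_dir, else None.

    realpath() resolves '..' and symlinks, and the separator check stops
    '/allowed' from matching '/allowed-other' by plain prefix.
    """
    real = os.path.realpath(requested)
    root = os.path.realpath(allowed_dir)
    if real == root or real.startswith(root + os.sep):
        return real
    return None


def broker_loop(conn, allowed_dir):
    """Privileged side: service 'read' requests that pass the policy.

    Returns the outcome list the parser reports when it finishes, or a
    single crash record if the parser dies before reporting.
    """
    while True:
        try:
            msg = conn.recv()
        except EOFError:
            return [("<parser>", "crashed", "pipe closed before completion")]
        kind = msg[0]
        if kind == "done":
            return msg[1]
        if kind != "read":
            conn.send(("denied", "unknown request type"))
            continue
        path = broker_policy(msg[1], allowed_dir)
        if path is None:
            conn.send(("denied", "outside allowed directory"))
            continue
        try:
            with open(path, "rb") as fh:
                conn.send(("ok", fh.read()))
        except OSError as exc:
            conn.send(("error", str(exc)))


def parser_worker(conn, requests):
    """Unprivileged side: the (possibly compromised) parser.

    It only asks the broker and records what came back; a legitimate parser
    and a hijacked one both hit the same policy.
    """
    outcomes = []
    for path in requests:
        conn.send(("read", path))
        status, payload = conn.recv()
        detail = len(payload) if status == "ok" else payload
        outcomes.append((path, status, detail))
    conn.send(("done", outcomes))
    conn.close()


def run_sandboxed_parse(requests, allowed_dir):
    """Spawn the parser as a child and run the broker in this process."""
    parent_conn, child_conn = CTX.Pipe()
    child = CTX.Process(target=parser_worker, args=(child_conn, requests))
    child.start()
    child_conn.close()  # the parent keeps only its own end of the pipe
    outcomes = broker_loop(parent_conn, allowed_dir)
    child.join()
    return outcomes


def demo():
    """Build a constructed allowed directory with one document and run a
    parser that issues one legitimate request and two escape attempts."""
    with tempfile.TemporaryDirectory() as allowed:
        doc = os.path.join(allowed, "document.pdf")
        with open(doc, "wb") as fh:
            fh.write(SAMPLE_PDF)
        requests = [
            doc,                                          # legitimate read
            os.path.join(allowed, "..", "constructed"),   # '..' traversal
            os.path.join(os.sep, "constructed", "elsewhere.txt"),  # absolute
        ]
        return run_sandboxed_parse(requests, allowed)


if __name__ == "__main__":
    for path, status, detail in demo():
        print(f"{status:7} {path} ({detail})")
```

Running the block prints one `ok` line for the sample document and two `denied` lines for the requests that resolve outside the allowed directory; the policy is applied on the canonical path, so `..` segments and symlinks do not widen what the parser can reach.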
A recent Google-funded study conducted by security consultancy firm Accuvant determined that Chrome is the most secure browser when compared to Internet Explorer and Firefox. Accuvant’s researchers analyzed the anti-exploitation technologies implemented in the three browsers, including process sandboxing, plug-in security, JIT hardening techniques, ASLR, DEP and stack cookies (GS).