Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google’s Chrome browser.
“This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system,” the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the “Save As” flaw is the only one that can allow an attacker to launch remote attacks from a victim’s PC. Other vulnerabilities just crash the browser.
The vulnerability is caused by a boundary error when handling the “Save As” function. When a user saves a malicious page with a title tag in the HTML code, the program causes a stack-based overflow, according to Bach Khoa. A hacker could construct a specially crafted Web page that contains malicious code, trick a user into visiting that Web site, and
convince the user to save the page. That will execute the code and give the attacker privileges to remotely use the infected system.
A Google spokesperson said, “”We have released a fix to address this vulnerability. Users will get this fix through an automated update to the browser, so they will not have to take any action to be protected.”
Well I haven’t got any fix till now, atleast I didn’t see my Google Chrome updating atleast.