Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.
The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.
Vulnerabilities include:
CVE-2009-2935 (High Severity): A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped…

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. Microsoft mentions that they are aware of active exploits against this vulnerability and at the moment there is no patch, just a a workaround. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft advisory…