Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.
The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.
Vulnerabilities include:
CVE-2009-2935 (High Severity): A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped…

Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors’ computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.
The compromised websites link to a series of servers that exploit a zero-day vulnerability in an IE component that processes media. The vulnerability affects those using the XP and 2003 versions of Windows, Microsoft warned in advisory 972890.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” company security representatives wrote. “When using Internet Explorer, code execution is remote…