Google has released Chrome version 0.2.149.29 to address multiple vulnerabilities. The four vulnerabilities are due to the following:
- a buffer overflow condition in the handling of filenames displayed in the “Save As” dialog
- a buffer overflow condition in the handling of link targets displayed in the status area when a user hovers over a link
- an out-of-bounds memory read error when parsing URLs ending with :%
- a default configuration that allows files to be downloaded to the desktop without prompting the user first
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Google has indicated that the fixed version is being applied to all users through automatic updates. DarkFiber Consulting encourages users to review the Chrome 0.2.149.29 release notes and upgrade if the newest version has not been automatically applied.