Tuesday, May 4, 2010

'Extremely severe' flaw in Opera web browser

An “extremely severe” security vulnerability in the Opera browser could put web surfers at risk of remote code execution attacks, the software maker warned today.

The vulnerability, now patched with the new Opera 10.53, affects Opera for Windows and Mac.

Details on the flaw are scarce. In this advisory, Opera warns:

Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.

Google has also been busy on the browser patch treadmill over the last few weeks, shipping two separate fixes for flaws in the Chrome browser.

The first Chrome update, shipped on April 20, addresses some very serious security defects:

* High Risk — Type confusion error with forms. Credit: kuzzcc.
* High Risk — HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team.
* Medium Risk — Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
* Medium Risk — Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
* High Risk — Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
* Medium Risk — Pages might load with privileges of the New Tab page.
* High Risk — Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.

Then, on April 27, Google rushed out another Chrome update to fix the following:

* High Risk — Cross-origin bypass in Google URL (GURL). Credit: Jordi Chancel.
* High Risk — Memory corruption in HTML5 Media handling. Credit: David Bloom of Google Security Team.
* High Risk — Memory corruption in font handling. Credit: wushi of team509.

The Google Chrome patches were automatically (and silently) shipped to the browser.
