Microsoft Finds HTML5 and Sandboxing Security Holes in Google's Chrome Browser


Microsoft's Vulnerability Research program discovered two vulnerabilities in Google's Chrome browser, both of which have now been fixed. According to Google, the bugs disclosed by Microsoft are 'quite old' and were fixed by the end of last year.

According to Microsoft, the issues, code-named MSVR11-001 and MSVR11-002, are as follows:

MSVR11-001 could allow remote code execution inside Chrome's sandbox. Microsoft stated:

A sandboxed remote code execution vulnerability exists in the way that Google Chrome attempts to reference memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox. The Google Chrome Sandbox is read and write isolated from the local file system which limits an attacker.

MSVR11-002, on the other hand, affects older versions of Chrome and older versions of Opera; the issue was resolved as of Chrome 8.0.552.210 and Opera 10.62. The bug concerns the way the two browsers handle HTML5: they process the code in a manner that could 'allow information disclosure'. Microsoft states:


"An information disclosure vulnerability exists in the implementation of HTML5 in these Web browsers [Chrome and Opera]," Microsoft says. "Specifically, as the World Wide Web Consortium (W3C) describes in the HTML5 specification for security with canvas elements, information leakage can occur if scripts from one origin can access information from another origin."
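The W3C rule Microsoft quotes is enforced in browsers through the canvas element's "origin-clean" flag: drawing an image from another origin (without CORS approval) taints the canvas, and the read-back methods must then refuse to hand the pixels to script. The following is an added example written for this page, not Chrome's or Opera's code; it models that flag in plain JavaScript so the check can be run offline. The class names (SimCanvas, SimImage), the `corsAllowed` option and the origins used (app.example, bank.example, cdn.example) are constructed for the illustration.

```javascript
'use strict';

// Added example: a model of the HTML canvas "origin-clean" rule from the W3C
// canvas security section. Not browser code; names and origins are assumed.

// Origin is scheme + host (+ port), the tuple the same-origin policy compares.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Minimal stand-in for an <img>: where its bytes came from and whether the
// server opted in to cross-origin use via CORS (constructed attribute).
class SimImage {
  constructor(src, { corsAllowed = false } = {}) {
    this.src = src;
    this.corsAllowed = corsAllowed;
  }
}

class SecurityError extends Error {
  constructor(msg) { super(msg); this.name = 'SecurityError'; }
}

// Minimal canvas that tracks the origin-clean flag as the spec requires.
class SimCanvas {
  constructor(documentOrigin) {
    this.documentOrigin = documentOrigin;
    this.originClean = true;   // the spec's flag; starts set
    this.pixels = [];          // what was drawn, for the read-back methods
  }

  // drawImage(): an image from another origin that was not fetched with CORS
  // approval clears the origin-clean flag (the canvas becomes "tainted").
  drawImage(img) {
    if (originOf(img.src) !== this.documentOrigin && !img.corsAllowed) {
      this.originClean = false;
    }
    this.pixels.push(img.src);
  }

  // Read-back must refuse once the flag is cleared; otherwise a script on
  // one origin could read pixels that came from another origin, which is the
  // information disclosure the article describes.
  toDataURL() {
    if (!this.originClean) {
      throw new SecurityError('canvas is tainted by cross-origin data');
    }
    return 'data:image/png;base64,' +
      Buffer.from(this.pixels.join('|')).toString('base64');
  }

  getImageData() {
    if (!this.originClean) {
      throw new SecurityError('canvas is tainted by cross-origin data');
    }
    return this.pixels.slice();
  }
}

// Three scenarios a reviewer would check; returns an object so each outcome
// can be asserted on rather than only printed.
function runScenarios() {
  const page = originOf('https://app.example/index.html');  // constructed

  // 1. Same-origin image: read-back allowed.
  const c1 = new SimCanvas(page);
  c1.drawImage(new SimImage('https://app.example/logo.png'));
  const sameOrigin = c1.toDataURL().startsWith('data:image/png');

  // 2. Cross-origin image without CORS: canvas tainted, read-back must throw.
  const c2 = new SimCanvas(page);
  c2.drawImage(new SimImage('https://bank.example/statement.png'));
  let crossOriginBlocked = false;
  try { c2.getImageData(); } catch (e) { crossOriginBlocked = e.name === 'SecurityError'; }

  // 3. Cross-origin image served with CORS approval: flag stays set.
  const c3 = new SimCanvas(page);
  c3.drawImage(new SimImage('https://cdn.example/icon.png', { corsAllowed: true }));
  const corsPermitted = c3.originClean && c3.getImageData().length === 1;

  return { sameOrigin, crossOriginBlocked, corsPermitted };
}

console.log(JSON.stringify(runScenarios()));
```

The bug class described in the article is the second scenario failing to throw: a browser that leaves the flag set (or never consults it) after a cross-origin draw lets the page's script export the other origin's pixels through `toDataURL()` or `getImageData()`. Testing a browser against exactly these three cases is the simplest regression check for the rule.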

[Via: Network World]