Google is not saying much today about a flaw discovered in the V8 JavaScript engine of its Chrome 2 stable Web browser, one which triggered an update that is being rolled out to Chrome users today. Among the few details it is sharing, however, is a surprising fact: Mozilla Security is being credited with the discovery.
Malicious JavaScript, Google says, can cause the Chrome browser to run arbitrary code, although that code may still be confined by the browser's "sandbox" -- its protected area of memory where running code has no access to system resources. However, it's conceivable that code running within the sandbox could provoke the user (by social means, perhaps by feigning a crash or system bug) to perform an action that may trigger a more damaging process delivered through a different payload, so Google treated the issue with a "High" severity rating.
On the one hand, it's conceivable that Mozilla's security team may be testing other brands of open source browsers for the same possible exploits for which it's testing various releases of Firefox. But a more plausible story is that a derivative of a Firefox bug that had already been reported or discovered by Mozilla's security team was tried by Mozilla or Google on a Chrome browser, with the same detrimental results.
Betanews