Source: chrome, https://chromereleases.googleblog.com
ID: GCSA-2006426072150416858
Published: Jun 22, 2009 - 12:00 a.m.

Stable, Beta update: Security fix


CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.004 Low
Percentile: 72.2%

Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs.

CVE-2009-2121: Buffer overflow processing HTTP responses

Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.

More info: http://code.google.com/p/chromium/issues/detail?id=14508 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.

**Credit:** This issue was found by the Google Chrome security team.

Other issues

This release also fixes two other network issues:

  • NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites (Issue 8771)

  • Browser crash when loading some HTTPS sites (Issue 13226)

Mark Larson

Google Chrome Program Manager

Affected configurations

Vulners node: google chrome, Range < 2.0.172.33

| CPE Name | Operator | Version |
|---|---|---|
| google chrome | lt | 2.0.172.33 |
