Google Chrome and Microsoft are to patch vulnerabilities in the stable channel and PowerPoint respectively.

 

Google Chrome's Stable channel has been updated to version 1.0.154.64 to fix two security issues that were discovered by internal Google testing.

 

It claimed that the patch, named CVE-2009-1441, would mean that a failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user.

 

To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process. Google has rated this vulnerability as critical as an attacker might be able to run code with the privileges of the logged on user.

 

A vulnerabiliy was also patched that would allow an attacker to be able to run arbitrary code within the Google Chrome sandbox. This vulnerability has been rated as high, as a victim would need to visit a page under an attacker's control, and any code that an attacker might be able to run inside the renderer process would be inside the sandbox.

 

Meanwhile, Microsoft has issued an advance notification of a patch for Office PowerPoint that has been given a severity rating of critical, the only fix for its monthly patch Tuesday update.

 

It claimed in a statement on 2nd April that it was ‘investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file'.

 

Microsoft claimed that it was only aware of limited and targeted attacks that attempt to use this vulnerability, and that an attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

 

Andrew Clarke, senior vice president international at Lumension, said: “At first glance, May appears to be bringing an easier Patch Tuesday, but IT departments must not rest easy as there is still much activity from the month to keep them busy. According to the advanced bulletin, the PowerPoint patch we were waiting for has finally been released.”