Google has released new security fixes for its Google chrome 18.104.22.168 and has released the same to Stable channel. Below are the fixes :
2) Security Fix: Treat weak signatures as invalid
Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
3) CVE-2009-2414 Stack consumption vulnerability in libxml2
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
4) CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2
Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.
Click here for detailed information.
Stay tuned for more.