Over the past few days, many publications, including Computer World, PC World, CNET and Information Week, have reported on the critical vulnerability in Google Chrome discovered by Bkis.
"Just days after it rolled out Chrome, Google Inc. issued an update after Vietnamese security researchers reported a critical vulnerability in the beta browser." (Cited from Computer World)
The bug is a buffer overflow in the SaveAs function of Chrome version 0.2.149.27. If a user visits a website containing exploit code, the attacker can then execute malicious code and seize control of the PC.
Today, Microsoft also confirmed the critical flaw in Windows Media Encoder identified by two Bkis researchers, Nguyen Minh Duc and Le Manh Tung, and issued an update. The flaw allows an attacker to take complete control of the user's PC via remote code execution. Bkis sent this warning to Microsoft in March 2008. The patch, MS08-053, was officially released today after 5 months of cooperation between Microsoft and Bkis researchers.
"Google and Microsoft at the same time acknowledged the vulnerabilities reported by Bkis, which, I believe, marked
To fix these flaws, users are advised to install the latest patches immediately. To update to Google Chrome version 0.2.149.29, click the "About Google Chrome" menu item and follow the instructions, or download the patch directly from Google's website. For Windows Media Encoder, users need to use the "Automatic Updates" feature in the Windows Control Panel.
"We have set targets to master security technologies to help ensure national security as well as enter the global market step by step. Four years ago, we began to train our researchers, build our network security laboratory, improve the research process and analyze software vulnerabilities. And now we've got ready for challenges. As I have said many times, Vietnamese are competent in this area," said Nguyen Tu Quang, Director of Bkis.
Additional information about Google Chrome's vulnerability:
Just three days after Google Chrome's release, researchers had reported four security holes, among which the vulnerability reported by Bkis was designated "critical" since it might lead to a remote code execution attack. The other three bugs were considered less serious, as they only caused Google Chrome to hang or automatically downloaded files into the user's default directory.
Additional information about Windows Media Encoder vulnerability:
According to its September Security Bulletin, Microsoft delivered only four patches, compared with eleven in August. All four of the fixed bugs were rated "critical" by Microsoft. These vulnerabilities were found in Windows Media Encoder, Microsoft Office, Windows Media Player 11 and Microsoft Windows. (The first flaw was discovered by Bkis.)
Computer World: Google issues first patches for Chrome
U.S. PC World: Critical Vulnerability Patched in Google's Chrome
*Note: Bkis is the former trademark of Bkav. Since January 1st, 2010, Bkav has been consistently used as the official trademark globally.