Google stopft kritisches Loch in Chrome 135

Google stopft kritisches Loch in Chrome 135 Unbefugte können aus der Ferne Schadcode einschleusen und ausführen. Betroffen sind Chrome für Windows, macOS und Linux. von Stefan Beiersmann am 16. April 2025 , 09:55 Uhr Google hat ein Sicherheitsupdate für seinen Browser Chrome veröffentlicht. In Chrome 135 stecken demnach zwei Schwachstellen. Eine Anfälligkeit ist als kritisch eingestuft: Ein Angreifer kann unter Umständen Schadcode aus der Ferne einschleusen und außerhalb der Sandbox des Browsers ausführen.var screensize = document.documentElement.clientWidth;if (screensize < 1800) {var minscreenwidth = "1280";} else {var minscreenwidth = "1920";}var u_company = "n/a";var u_job_description = "n/a";var u_company_size = "n/a";var u_industry = "n/a";if (kaminoCookie.getItem("ct_echo") != undefined) {var ct_echo = JSON.parse(kaminoCookie.getItem("ct_echo"));ct_echo.details = ct_echo.details || {};u_company = "n/a";u_job_description = ct_echo.details.jd || "n/a";u_company_size = ct_echo.details.ne || "n/a";u_industry = ct_echo.details.is || "n/a";}console.log("id:DESKTOP_IN_ARTICLE-88421597-0");var scr = document.getElementById("DESKTOP_IN_ARTICLE-88421597-0");var device = "desktop";if(dfp_device_view == device){var slot_div = document.createElement("div");slot_div.setAttribute("id", "div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0");slot_div.setAttribute("class", "dfp_ad div-gpt-ad-DESKTOP_IN_ARTICLE-0 desktop sticky-DESKTOP_IN_ARTICLE-88421597-0");slot_div.setAttribute("height", "0");var word = "";if(word != ""){var slot_word_div = document.createElement("div");slot_word_div.setAttribute("class", "dfp_word");slot_word_div.innerHTML = word;slot_div.appendChild(slot_word_div);}scr.parentNode.insertBefore(slot_div, scr.nextSibling);googletag.cmd.push(function() {var infinite_scroll = false;if("" != ""){infinite_scroll = true;if(hutt_original_page_id != ""){hutt_original_page_id = "";hutt_defineSlot_slot_object_infinite_scroll = [];}}var slot = googletag.defineSlot("/16255858/zdnet/article/workspace/browser",[8, 8], "div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0").setTargeting("artid", "88421597").setTargeting("cat", ["browser","workspace"]).setTargeting("tag", ["browser","chrome","schwachstellen","security","sicherheit"]).setTargeting("type", "post").setTargeting("min_width", minscreenwidth).setTargeting("job_description", u_job_description).setTargeting("company_size", u_company_size).setTargeting("industry", u_industry).setTargeting("company", u_company).addService(googletag.pubads());if(infinite_scroll == true){hutt_defineSlot_slot_object_infinite_scroll.push( slot );}var size = "[8, 8]";size = size.replace(/s+/g, "");hutt_defineSlot["div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0"] = {};hutt_defineSlot["div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0"]["size"] = size;hutt_defineSlot_slot_object["div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0"] = {};hutt_defineSlot_slot_object["div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0"]["slot"] = slot;googletag.display("div-gpt-ad-DESKTOP_IN_ARTICLE-88421597-0");});}var screensize = document.documentElement.clientWidth;if (screensize < 1800) {var minscreenwidth = "1280";} else {var minscreenwidth = "1920";}var u_company = "n/a";var u_job_description = "n/a";var u_company_size = "n/a";var u_industry = "n/a";if (kaminoCookie.getItem("ct_echo") != undefined) {var ct_echo = JSON.parse(kaminoCookie.getItem("ct_echo"));ct_echo.details = ct_echo.details || {};u_company = "n/a";u_job_description = ct_echo.details.jd || "n/a";u_company_size = ct_echo.details.ne || "n/a";u_industry = ct_echo.details.is || "n/a";}console.log("id:VIDEO_INFEED-88421597-0");var scr = document.getElementById("VIDEO_INFEED-88421597-0");var device = "desktop";if(dfp_device_view == device){var slot_div = document.createElement("div");slot_div.setAttribute("id", "div-gpt-ad-VIDEO_INFEED-88421597-0");slot_div.setAttribute("class", "dfp_ad div-gpt-ad-VIDEO_INFEED-0 desktop sticky-VIDEO_INFEED-88421597-0");slot_div.setAttribute("height", "0");var word = "";if(word != ""){var slot_word_div = document.createElement("div");slot_word_div.setAttribute("class", "dfp_word");slot_word_div.innerHTML = word;slot_div.appendChild(slot_word_div);}scr.parentNode.insertBefore(slot_div, scr.nextSibling);googletag.cmd.push(function() {var infinite_scroll = false;if("" != ""){infinite_scroll = true;if(hutt_original_page_id != ""){hutt_original_page_id = "";hutt_defineSlot_slot_object_infinite_scroll = [];}}var slot = googletag.defineSlot("/16255858/zdnet/article/workspace/browser",['fluid'], "div-gpt-ad-VIDEO_INFEED-88421597-0").setTargeting("artid", "88421597").setTargeting("cat", ["browser","workspace"]).setTargeting("tag", ["browser","chrome","schwachstellen","security","sicherheit"]).setTargeting("type", "post").setTargeting("min_width", minscreenwidth).setTargeting("job_description", u_job_description).setTargeting("company_size", u_company_size).setTargeting("industry", u_industry).setTargeting("company", u_company).addService(googletag.pubads());if(infinite_scroll == true){hutt_defineSlot_slot_object_infinite_scroll.push( slot );}var size = "['fluid']";size = size.replace(/s+/g, "");hutt_defineSlot["div-gpt-ad-VIDEO_INFEED-88421597-0"] = {};hutt_defineSlot["div-gpt-ad-VIDEO_INFEED-88421597-0"]["size"] = size;hutt_defineSlot_slot_object["div-gpt-ad-VIDEO_INFEED-88421597-0"] = {};hutt_defineSlot_slot_object["div-gpt-ad-VIDEO_INFEED-88421597-0"]["slot"] = slot;googletag.display("div-gpt-ad-VIDEO_INFEED-88421597-0");});} Die kritische Lücke beschreibt Google in den Versionshinweisen als Heap-Pufferüberlauf in den Chrome-Codecs. Ein solcher Pufferüberlauf kann zu einer Remotecodeausführung und damit zu einer vollständigen Kompromittierung eines Systems führen. Der zweite Fehler ist ein Use-after-free-Bug in USB. Auch hier ist das Ausführen von beliebigen Code wahrscheinlich möglich. Weitere Details zu beiden Schwachstellen halten die Entwickler zurück, auch um Nutzer zu schützen, die nicht in der Lage sind, zeitnah das bereitgestellte Update einzuspielen. Um sich vor möglichen Angriffen zu schützen, sollten Chrome-Nutzer ihren Browser auf die Version 135.0.7049.95/.96 für Windows und macOS oder 135.0.7049.95 für Linux aktualisieren. Die Verteilung erfolgt über die Update-Funktion von Chrome. Eine manuelle Aktualisierung ist über den Punkt „Über Google Chrome“ im Hilfe-Menü der Browsereinstellungen möglich. Zum Abschluss der Installation ist ein Neustart von Chrome erforderlich. Themenseiten: Browser, Chrome, Google, Schwachstellen, Security, Sicherheit Fanden Sie diesen Artikel nützlich? var screensize = document.documentElement.clientWidth;if (screensize < 1800) {var minscreenwidth = "1280";} else {var minscreenwidth = "1920";}var u_company = "n/a";var u_job_description = "n/a";var u_company_size = "n/a";var u_industry = "n/a";if (kaminoCookie.getItem("ct_echo") != undefined) {var ct_echo = JSON.parse(kaminoCookie.getItem("ct_echo"));ct_echo.details = ct_echo.details || {};u_company = "n/a";u_job_description = ct_echo.details.jd || "n/a";u_company_size = ct_echo.details.ne || "n/a";u_industry = ct_echo.details.is || "n/a";}console.log("id:MOBILE_MPU-88421597-4");var scr = document.getElementById("MOBILE_MPU-88421597-4");var device = "mobile";if(dfp_device_view == device){var slot_div = document.createElement("div");slot_div.setAttribute("id", "div-gpt-ad-MOBILE_MPU-88421597-4");slot_div.setAttribute("class", "dfp_ad div-gpt-ad-MOBILE_MPU-4 mobile sticky-MOBILE_MPU-88421597-4");slot_div.setAttribute("height", "0");var word = "";if(word != ""){var slot_word_div = document.createElement("div");slot_word_div.setAttribute("class", "dfp_word");slot_word_div.innerHTML = word;slot_div.appendChild(slot_word_div);}scr.parentNode.insertBefore(slot_div, scr.nextSibling);googletag.cmd.push(function() {var infinite_scroll = false;if("" != ""){infinite_scroll = true;if(hutt_original_page_id != ""){hutt_original_page_id = "";hutt_defineSlot_slot_object_infinite_scroll = [];}}var slot = googletag.defineSlot("/16255858/zdnet/article/workspace/browser",[[300, 250], [300, 600]], "div-gpt-ad-MOBILE_MPU-88421597-4").setTargeting("pos", 4).setTargeting("artid", "88421597").setTargeting("cat", ["browser","workspace"]).setTargeting("tag", ["browser","chrome","schwachstellen","security","sicherheit"]).setTargeting("type", "post").setTargeting("min_width", minscreenwidth).setTargeting("job_description", u_job_description).setTargeting("company_size", u_company_size).setTargeting("industry", u_industry).setTargeting("company", u_company).addService(googletag.pubads());if(infinite_scroll == true){hutt_defineSlot_slot_object_infinite_scroll.push( slot );}var size = "[[300, 250], [300, 600]]";size = size.replace(/s+/g, "");hutt_defineSlot["div-gpt-ad-MOBILE_MPU-88421597-4"] = {};hutt_defineSlot["div-gpt-ad-MOBILE_MPU-88421597-4"]["size"] = size;hutt_defineSlot_slot_object["div-gpt-ad-MOBILE_MPU-88421597-4"] = {};hutt_defineSlot_slot_object["div-gpt-ad-MOBILE_MPU-88421597-4"]["slot"] = slot;googletag.display("div-gpt-ad-MOBILE_MPU-88421597-4");});} Whitepaper Umgang mit Veränderungen bei der Beschaffung im Gesundheitswesen 01.01.1970, Amazon Business Cloud-basierter elektronischer Datenaustausch | Der Weg zur digitalen Transformation 01.01.1970, Esker Geschäftliche Herausforderungen mit Daten und KI lösen: 5 Erkenntnisse von Führungskräften der C-Ebene 01.01.1970, Elastic » Alle Whitepaper … Artikel empfehlen: 0