Friday, 24 April 2009

Google patches "severe" Chrome bug : PC Pro

Google ChromeImage via Wikipedia

Google has patched a bug in its Chrome browser that allowed attackers to perform cross-site scripting attacks.

The flaw was discovered earlier this month by an IBM security researcher and was patched last night, with the release of Chrome version

"An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions," Chrome program manager Mark Larson explains.

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running."

Read more

Reblog this post [with Zemanta]

Bookmark and Share

No comments:

ss_blog_claim=a4dfb4b9e538ffc83c12431a781cd2c4 ss_blog_claim=a4dfb4b9e538ffc83c12431a781cd2c4