The flaw was discovered earlier this month by an IBM security researcher and was patched last night, with the release of Chrome version 1.0.154.59.
"An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions," Chrome program manager Mark Larson explains.
"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running."