Google updates Google Chrome to fix a security vulnerability that would allow hackers to launch universal cross-site scripting attacks. The flaw affects users with the Chrome Web browser installed who visit a malicious Web page with Microsoft Internet Explorer.
The Google Chrome Web browser has found itself at the center of a security issue that could lead to cross-site scripting attacks.
Google Chrome has been updated to 1.0.154.59 to fix security vulnerability in the handling of ChromeHTML URIs (Uniform Resource Identifiers) that allows an attacker to bypass the Same Origin Policy for any site and enumerate victim's files and directories.
"If a user has Google Chrome installed, visiting an attacker-controlled Web page in Microsoft Internet Explorer could have caused Google Chrome to launch, open multiple tabs and load scripts that run after navigating to a URL of the attacker's choice," the advisory stated.
The vulnerability was discovered by IBM security researcher Roi Saltzman, who noted in a blog post that the processing of URL protocol handlers has been an ongoing issue with Internet Explorer. A similar situation was uncovered in 2007 involving Internet Explorer and Firefox.
No comments:
Post a Comment