RealTime IT News

Google Updates Chrome for IE Security Issue


Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT


Google Chrome
From the "Run Microsoft, infect Google" files:

Google today updated its stable version of the Chrome browser to version 1.0.154.58 to fix a serious security issue. The "funny" thing is the issue is triggered by Microsoft's Internet Explorer (IE) browser.

The issue is very serious and according to Google could potentially enable something called universal cross-site scripting (UXSS) without a user having to do anything.

According to Google's bug report on the issue:

When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user interaction.

That's right friends, if you run into an evil page while running IE, you could force Chrome to open up any pages an attacker wants or even arbitrary JavaScript...

[Continue reading this blog post at Netstat -vat by Sean Michael Kerner]