Google fixes command injection issue in Chrome
Google is out with an incremental update to its stable and beta releases of the Chrome browser, bringing them to version 220.127.116.11. The key fix addresses a very interesting cross-browser attack vector that previously plagued Firefox and Microsoft's Internet Explorer.
According to Google's release notes:
There is also a security fix for a bug (5825 analogous to CVE-2007-3670) where command line arguments could be injected and executed by getting a user to click a link in certain other browsers.
As far as I can tell, this is the same issue that Mozilla dealt with back in July of 2007. The CVE advisory on the original issue notes:
Argument injection vulnerability in Microsoft Internet Explorer, when
running on systems with Firefox installed and certain URIs registered,
allows remote attackers to conduct cross-browser scripting attacks and
execute arbitrary commands.
So then - this is an issue that has been known in other browsers for 18+ months but now has been plugged in the newbie Google Chrome. Go figure.