Google Chrome Frame security flaw discovered by Microsoft
Back in September, Google launched Chrome Frame which embeds a Chrome-type browser inside of a Microsoft Internet Explorer(IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure.
Guess what? Turns out Microsoft was right.
Late Wednesday, Google issued an update to Chrome Frame with version 18.104.22.168 for a cross-origin bypass security vulnerability.
"An attacker could have bypassed cross-origin protections," Google warned in its advisory. "Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue."
So to recap, Microsoft was worried months ago that Google Chrome Frame put IE at risk and now they've proven it.