Google patches Chrome for Apple WebKit flaw
Yesterday morning I blogged about the Safari 4.0.4 update commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google's Chrome was vulnerable to the same WebKit issue that Apple patched.
Turns out I was right.
Late Thursday, Google released Chrome stable 220.127.116.11 which fixes the same Cross Site Request Forgery (CSRF) issue that Safari 4.0.4 fixed. In fact, Google doesn't even have its own specific advisory on the Apple WebKit issue, they just point to Apple's support notice.
That said, as I wrote yesterday, it's still very interesting to take note of the shared WebKit flaws between Apple and Google. While both vendors actively contribute to WebKit development they both also share its risks.