Back in September, Google launched Chrome Frame which embeds a Chrome-type browser inside of a Microsoft Internet Explorer(IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure.
Guess what? Turns out Microsoft was right.
Late Wednesday, Google issued an update to Chrome Frame with version 4.0.245.1 for a cross-origin bypass security vulnerability.
“An attacker could have bypassed cross-origin protections,” Google warned in its advisory. “Although important, “High” severity issues do not permit persistent malware to infect a user’s machine. We’re unaware of any exploitation of this issue.”
What’s also particularly interesting about this Chrome Frame vulnerability is that it was not discovered by Google itself. It was discovered by Microsoft.
So to recap, Microsoft was worried months ago that Google Chrome Frame put IE at risk and now they’ve proven it.