Google today updated its stable version of the Chrome browser to version 184.108.40.206 to fix a serious security issue. The ‘funny’ thing is the issue is triggered by Microsoft’s Internet Explorer (IE) browser.
The issue is very serious and according to Google could potentially enable something called universal cross-site scripting (UXSS) without a user having to do anything.
According to Google’s bug report on the issue:
When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user interaction.
How could this happen in 2009 to Chrome? Is it Google’s fault or Microsoft’s?