Google patches Chrome for Apple WebKit flaw

From the ‘Shared Security Risk’ files:

Yesterday morning I blogged about the Safari 4.0.4 update, commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google’s Chrome was vulnerable to the same WebKit issue that Apple patched.

Turns out I was right.

Late Thursday, Google released Chrome stable, which fixes the same Cross-Site Request Forgery (CSRF) issue that Safari 4.0.4 fixed. In fact, Google doesn’t even have its own specific advisory on the Apple WebKit issue; they just point to Apple’s support notice.

Does this mean that Chrome users were potentially at risk for a period of time longer than their Safari cousins? Well yes, but for a very slim amount of time and for a flaw that Google says has a very low risk.

That said, as I wrote yesterday, it’s still very interesting to take note of the shared WebKit flaws between Apple and Google. While both vendors actively contribute to WebKit development, they both also share its risks.
