Google fixes vulnerability in Chrome

By David Neal on Apr 27, 2009 9:18AM
Google fixes vulnerability in Chrome

The problem, which was discovered earlier this month, would have allowed an attacker to launch and run scripts of their choosing on a compromised machine.

Google said today that the issue, which was discovered and reported by Roi Saltzman of the IBM Rational Application Security Research Group in March, had a 'High' severity rating.

According to Mark Larson, Chrome programme manager, the flaw "could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice", if they visited a maliciously coded web page in Internet Explorer.

In his initial report, Saltzman wrote, "Using three separate issues that reside in various parts of Google Chrome a malicious attacker can craft powerful attacks that endanger any user that browses a malicious site using Internet Explorer and has Google Chrome installed.

"[The issues] may result in highly dangerous attack vector as demonstrated in the attack vectors section.

The most severe impact of the vulnerabilities described in this document is achieving a successful Cross-Site Scripting attack on an arbitrary site.

An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify user-browsing experience and facilitate phishing attacks."

Google said that although Chrome would update itself automatically on user machines, some human intervention, in the form of a manual shutdown and restart, would be necessary.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attack attacker chrome google security

Partner Content

New Microsoft CSP rules? Here’s how MSPs can stay ahead with Ingram Micro
New Microsoft CSP rules? Here’s how MSPs can stay ahead with Ingram Micro
Shared Intelligence is the Real Competitive Edge Partners Enjoy with Crayon
Shared Intelligence is the Real Competitive Edge Partners Enjoy with Crayon
How mandatory climate reporting is raising the bar for corporate leadership
How mandatory climate reporting is raising the bar for corporate leadership
MSPs with a robust data protection strategy will achieve market success
MSPs with a robust data protection strategy will achieve market success
Empowering Sustainability: Schneider Electric's Dedication to Powering Customer Success
Empowering Sustainability: Schneider Electric's Dedication to Powering Customer Success

Sponsored Whitepapers

Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The changing face of Australian distribution
The changing face of Australian distribution

Most read articles

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!
The State of Channel Security

The State of Channel Security
Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told

Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told
Announcing the 2025 Benchmark Security Awards Partner finalists

Announcing the 2025 Benchmark Security Awards Partner finalists

Log in

Email:
Password:
  |  Forgot your password?