Google fixes vulnerability in Chrome

By on
Google fixes vulnerability in Chrome

The problem, which was discovered earlier this month, would have allowed an attacker to launch and run scripts of their choosing on a compromised machine.

Google said today that the issue, which was discovered and reported by Roi Saltzman of the IBM Rational Application Security Research Group in March, had a 'High' severity rating.

According to Mark Larson, Chrome programme manager, the flaw "could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice", if they visited a maliciously coded web page in Internet Explorer.

In his initial report, Saltzman wrote, "Using three separate issues that reside in various parts of Google Chrome a malicious attacker can craft powerful attacks that endanger any user that browses a malicious site using Internet Explorer and has Google Chrome installed.

"[The issues] may result in highly dangerous attack vector as demonstrated in the attack vectors section.

The most severe impact of the vulnerabilities described in this document is achieving a successful Cross-Site Scripting attack on an arbitrary site.

An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify user-browsing experience and facilitate phishing attacks."

Google said that although Chrome would update itself automatically on user machines, some human intervention, in the form of a manual shutdown and restart, would be necessary.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attack attacker chrome google security

Partner Content

How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets

Sponsored Whitepapers

Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

Australian MSP Index launched

Australian MSP Index launched
Ingram Micro Ushers in the Age of Ultra

Ingram Micro Ushers in the Age of Ultra
Announcing Pipeline 2025 tickets, theme & initial speakers

Announcing Pipeline 2025 tickets, theme & initial speakers
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?