You are here: silicon.com > Software > Security Strategy

Security Strategy

Google plugs severe security hole in Chrome

Fixing the scripts

Tags: security, chrome, google

Printer Friendly Email Story RSS

By Stephen Shankland

Published: 24 April 2009 09:07 GMT

Google released a new version of its Chrome browser Thursday to fix a high-severity security problem.

The problem affects Google's mainstream stable version of Chrome and is fixed in the new version 1.0.154.59. Google has built Chrome so it updates itself automatically with no user intervention, though the software must be restarted for the new version to run.

The security problem, reported 8 April by Roi Saltzman of the IBM Rational Application Security Research Group, allowed cross-site scripting attacks. Such methods can make a web browser process unauthorised code such as JavaScript, enabling a variety of attacks, including impersonation or phishing.

Mark Larson, Google Chrome programme manager, described the problem in a blog posting Thursday as "an error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions".

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running," the blog said.

Original article: Google fixes severe Chrome security hole from CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Chrome gives option to remove new-tab thumbnails

Google Chrome's speed gets a sparkle

Firefox and Chrome snatch share from IE

Chrome and Firefox get clickjacked

Google Chrome soon to land on Mac

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
Java Developer x 4 (HTML, CSS, Javascript)

Previous experience with Google Web Toolkit (GWT), Web Browser/Web A Java Developer x 4 is required to join the thriving software development team ...

Web Developer / PHP Developer - PHP, Joomla or Magento, PHP, (X)HTML

This means that you would be joining a company with a reputation for delivering the best work and results to some of the county's leading brands.We ...

Junior Tester

Holidays, Company Pension Full training on any skills gaps Desirable skills (not essential) Previous experience as a Web Application Tester Strong ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

JD Edwards Spotlight Video

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


eBay app lets users bid from a BlackBerry

ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?




Quick Sitemap Links: