New Version of Google Chrome Fixes Serious Security Problem

by Sam Dean - Apr. 24, 2009Comments (0)

Google Chrome users should take note of a blog post from Mark Larson, Chrome's Program Manager, calling out a fix for a serious security problem in the browser. The problem affects the non-developer, stable version of Chrome and allows the possibility of cross-site scripting attacks, which are becoming more and more common. The problem is now fixed in the new version 1.0.154.59 download.

According to Larson's post, the cross-site scripting problem in Chrome was another example of a bug that can lead to problems even if you're not running the browser:

 

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running."

 

You can follow the thread showing how the problem was identified and reported here, on the Chromium blog. If you're running Chrome, upgrade to the new, fixed version.


Browse Blog

Randy Clark uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?




Comments

image
Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.