New Version of Google Chrome Fixes Serious Security Problem

by Ostatic Staff - Apr. 24, 2009

Google Chrome users should take note of a blog post from Mark Larson, Chrome's Program Manager, calling out a fix for a serious security problem in the browser. The problem affects the non-developer, stable version of Chrome and allows the possibility of cross-site scripting attacks, which are becoming more and more common. The problem is now fixed in the new version download.

According to Larson's post, the cross-site scripting problem in Chrome was another example of a bug that can lead to problems even if you're not running the browser:

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running."

You can follow the thread showing how the problem was identified and reported here, on the Chromium blog. If you're running Chrome, upgrade to the new, fixed version.