Google has released a new version of its
Chrome browser to fix a "high severity" security problem.
An error in handling certain URLs in Google versions
cross-site scripting (XSS) without user interaction, said Mark
Larson, Google Chrome program manager.
"If a user has Google Chrome installed, visiting an
attacker-controlled web page in Internet Explorer could have caused
Google Chrome to launch, open multiple tabs, and load scripts that
run after navigating to a URL of the attacker's choice," he
said.
According to Larson, such an attack only works if Chrome is not
already running.
XSS attacks can make a web browser run unauthorised code, such as
JavaScript, to carry out a variety of other attacks, such as
stealing personal information.
The Chrome vulnerability was reported to Google by Roi Saltzman,
a security researcher at IBM Rational Application Security Research
Group.