Google fixes severe security vulnerability in Chrome browser
Google has released a new version of its Chrome browser to fix a "high severity" security problem.
Google has released a new version of its Chrome browser to fix a "high severity" security problem.
An error in handling certain URLs in Google versions cross-site scripting (XSS) without user interaction, said Mark Larson, Google Chrome program manager.
"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice," he said.
According to Larson, such an attack only works if Chrome is not already running.
XSS attacks can make a web browser process unauthorised code such as JavaScript to carry out a variety of other attacks such as stealing personal information.
The Chrome vulnerability was reported to Google by Roi Saltzman, a security researcher at IBM Rational Application Security Research Group.