Google fixes severe security vulnerability in Chrome browser

Google has released a new version of its Chrome browser to fix a "high severity" security problem.

An error in handling certain URLs in Google versions cross-site scripting (XSS) without user interaction, said Mark Larson, Google Chrome program manager.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice," he said.

According to Larson, such an attack only works if Chrome is not already running.

XSS attacks can make a web browser process unauthorised code such as JavaScript to carry out a variety of other attacks such as stealing personal information.

The Chrome vulnerability was reported to Google by Roi Saltzman, a security researcher at IBM Rational Application Security Research Group.