Google closes critical hole in Chrome

February 10, 2009 – 5:36 AM

Google has discovered a vulnerability in its Chrome web browser that can allow an attacker to execute his own commands on a vulnerable Windows system. The vulnerability requires that the victim has previously installed Chrome, but is visiting a rigged web page using another browser, such as Internet Explorer.

According to Google, the cause of the problem is, related to the processing of particular URI/URLs in other browsers, through which it is possible to start a new Chrome window with an arbitrary address. By adding certain parameters, it can be possible to start and stop programs on the users system, such as a FTP program, which could open a back door. Google has fixed the problem in the stable version 1.0.154.48 and updates are available through using the “About Google Chrome” option, to check for updates.

Source:
http://www.heise-online.co.uk/news/Google-closes-critical-hole-in-Chrome–/112610

You must be logged in to post a comment.