Google closes critical hole in Chrome

February 10, 2009 – 5:36 AM

Google has discovered a vulnerability in its Chrome web browser that can allow an attacker to execute his own commands on a vulnerable Windows system. The vulnerability requires that the victim has previously installed Chrome, but is visiting a rigged web page using another browser, such as Internet Explorer.

According to Google, the cause of the problem is, related to the processing of particular URI/URLs in other browsers, through which it is possible to start a new Chrome window with an arbitrary address. By adding certain parameters, it can be possible to start and stop programs on the users system, such as a FTP program, which could open a back door. Google has fixed the problem in the stable version and updates are available through using the “About Google Chrome” option, to check for updates.


You must be logged in to post a comment.