Google closes critical hole in ChromeFebruary 10, 2009 – 5:36 AM
Google has discovered a vulnerability in its Chrome web browser that can allow an attacker to execute his own commands on a vulnerable Windows system. The vulnerability requires that the victim has previously installed Chrome, but is visiting a rigged web page using another browser, such as Internet Explorer.
According to Google, the cause of the problem is, related to the processing of particular URI/URLs in other browsers, through which it is possible to start a new Chrome window with an arbitrary address. By adding certain parameters, it can be possible to start and stop programs on the users system, such as a FTP program, which could open a back door. Google has fixed the problem in the stable version 126.96.36.199 and updates are available through using the “About Google Chrome” option, to check for updates.