Google Plugs Major Security Hole in Chrome
Google recently updated its Chrome browser in order to fix a
major security problem. The problem affects the mainstream stable version of
Chrome and is fixed in the new version 1.0.154.59. Chrome is built to automatically update
itself, so users should receive this update without having to do anything. The
update will require the software to be restarted before it takes effect. Should
you need to manually force the download, you can do so by clicking the wrench
icon in the upper right corner of the browser, selecting About Google Chrome,
and clicking Update Now.
The security problem was originally reported on April 8th by Roi
Saltzman of the IBM Rational Application Security Research Group. During unreleased
research, Saltzman discovered a number of security issues in
various parts of Google Chrome that pose a threat to any user who has Google
Chrome installed and visits a maliciously crafted page using Internet
Explorer. The issue allows cross-site scripting attacks that can make a Web
browser process unauthorized code and enable a variety of attacks including
impersonation and phishing.
Mark Larson, Google Chrome program manager, further described the problem in a blog posting:
"An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.
"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice."
The attack wouldn’t work if Chrome was already running. Saltzman noted that the way Internet Explorer processes URL protocol handlers has been widely used to attack other applications in the past. Saltzman praised Google for its quick response and the way in which the company handled the situation.