Google Chrome Frame Update Fixes Bugs and a Microsoft Discovered Vulnerability
Google Chrome Frame is an open-source plug-in released by the Mountain View-based search engine giant a few months ago. It gives Microsoft’s Internet Explorer browser HTML 5 compatibility and faster JavaScript – basically allowing the IE user to run anything that Google Chrome can. The official explanation provided by Google was that it wanted to help developers that want to use the latest open web technologies in the Microsoft developed web browser, Internet Explorer.
As you can imagine, Microsoft didn’t exactly like that Google came up with a way to turn IE into a Chrome clone. At the time it advised Internet Explorer 8 users to stay away from Google Chrome Frame – for security reasons. As a Microsoft spokesperson explained, “Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts.”
Speaking of security, Google has recently updated Google Chrome Frame to version 4.0.245.1. The update was released to fix a few bugs and plug one security vulnerability – vulnerability that Microsoft uncovered. We imagine there was much cheering in Redmond when they discovered the vulnerability. Leaving frivolities aside, here are the details Google provided:
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.
Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.
Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.
Now let’s see what bugs the Google Chrome Update fixes:
- Network requests no longer fail randomly
- CFInstall.js can better detect compatible opera rating systems and browser versions.
- CFInstall.js allows users to cancel the installation frame
- CFInstall.js no longer caches the isAvailable result
- Follow redirects properly
- IE8 no longer freezes intermittently
- Data directories are removed on uninstall
As you can imagine, Microsoft didn’t exactly like that Google came up with a way to turn IE into a Chrome clone. At the time it advised Internet Explorer 8 users to stay away from Google Chrome Frame – for security reasons. As a Microsoft spokesperson explained, “Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts.”
Speaking of security, Google has recently updated Google Chrome Frame to version 4.0.245.1. The update was released to fix a few bugs and plug one security vulnerability – vulnerability that Microsoft uncovered. We imagine there was much cheering in Redmond when they discovered the vulnerability. Leaving frivolities aside, here are the details Google provided:
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.
Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.
Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.
Now let’s see what bugs the Google Chrome Update fixes:
- Network requests no longer fail randomly
- CFInstall.js can better detect compatible opera rating systems and browser versions.
- CFInstall.js allows users to cancel the installation frame
- CFInstall.js no longer caches the isAvailable result
- Follow redirects properly
- IE8 no longer freezes intermittently
- Data directories are removed on uninstall
