Internet Explorer a Security Vulnerability for Google Chrome
It seems that users who have Microsoft Internet Explorer and Google Chrome installed on their machine are exposing themselves to malicious attacks simply because the two browser versions do not play well together. According to Google, visiting malicious web pages could permit an attacker to run scripts on the targeted machine.
“An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions. If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice,” explained Google Chrome Program Manager, Mark Larson.
The security hole’s security rating is “high” because it allows universal cross-site scripting (UXSS) with no interaction from the user (in certain conditions of course). Chrome versions affected by this issue include version 1.0.154.55 and earlier versions. Google has already fixed the problem with the release of Chrome 1.0.154.59
“These issues pose a major threat to any user that browses a maliciously crafted page using Internet Explorer and has Google Chrome installed alongside. It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” explained Roi Saltzman, the security researcher that is credited for discovering this vulnerability. It is important to update your Chrome browser, if you are running it alongside Internet Explorer, for the simple reason that a proof-of-concept code for exploiting the vulnerability is available on the wild (that’s to say it is publicly available as you can see here).
When asked to comment on the matter, Microsoft stated that vulnerabilities in its code are not to blame for the problems with Chrome.
Tags: Google, Chrome, Microsoft, Internet Explorer,
“An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions. If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice,” explained Google Chrome Program Manager, Mark Larson.
Advertising
The security hole’s security rating is “high” because it allows universal cross-site scripting (UXSS) with no interaction from the user (in certain conditions of course). Chrome versions affected by this issue include version 1.0.154.55 and earlier versions. Google has already fixed the problem with the release of Chrome 1.0.154.59
“These issues pose a major threat to any user that browses a maliciously crafted page using Internet Explorer and has Google Chrome installed alongside. It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” explained Roi Saltzman, the security researcher that is credited for discovering this vulnerability. It is important to update your Chrome browser, if you are running it alongside Internet Explorer, for the simple reason that a proof-of-concept code for exploiting the vulnerability is available on the wild (that’s to say it is publicly available as you can see here).
When asked to comment on the matter, Microsoft stated that vulnerabilities in its code are not to blame for the problems with Chrome.
Tags: Google, Chrome, Microsoft, Internet Explorer,
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 02 Sep 2011
Redmond-based software giant Microsoft announced yesterday that the usage share of its IE9 (Internet Explorer 9) web browser has gone past the 20% mark worldwide on Windows 7 as of the 
By George Norman on 24 Nov 2011
Today is Thanksgiving in the good old US of A, the day when everyone gives thanks and fills their bellies with lots and lots of food. This means that a lot of people went back home to celebrate Thanksgiving with their families and visit their parents.
By George Norman on 16 Dec 2011
Earlier this week, Mountain View-based search engine giant Google announced that version 16.0 of its Chrome web browser graduated from the Beta to the Stable Channel. I remind you that Google 
By George Norman on 23 Jan 2012
Since it’s such a hot topic in the browser world, then surely you’ve heard that modern browsers provide support for something called HTML5.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Internet Explorer a Security Vulnerability for Google Chrome
HTML Linking Code
HTML Linking Code