Saturday, May 2, 2009

Security Problems with Google Chrome?

There was a security threat with Google’s web browser - Google Chrome. According to the Google Chrome Team, there was an error in handling URLs with a chromehtml: protocol. This allowed the attacker to run scripts of his choice on any page or enumerate files on the local disk under certain conditions.

Because of this problem, the attacker could endanger any user who browsed a malicious site using Internet Explorer and had Google Chrome installed.

As per IBM Rational Application Security Insider, this allowed a dangerous combination of new security vulnerabilities letting a malicious attacker to bypass the Same Origin Policy restrictions for any site using the victim’s Google Chrome.

The dangerous impact:

1. Cross-Site Scripting attack where the attacker could steal cookies, save form filler data, modify user-browsing experience and facilitate phishing attacks.
2. Leaking of information: from the victim’s files and directories on the local file-system.

But, the good news is that a FIX has been released: Version 1.0.154.59 of Chrome and hopefully, all the security issues revolving around Google Chrome are under control now.

(Source: GoogleChromeReleases | IBM watchfire)

No comments: