Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The problem, which was discovered earlier this month, would have allowed an attacker to launch and run scripts of their choosing on a compromised machine.Google said today that the issue, which was discovered and reported by Roi Saltzman of the IBM Rational Application Security Research Group in March, had a 'High' severity rating.According to Mark Larson, Chrome programme manager, the flaw "could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice", if they visited a maliciously coded web page in Internet Explorer.In his initial report, Saltzman wrote, "Using three separate issues that reside in various parts of Google Chrome a malicious attacker can craft powerful attacks that endanger any user that browses a malicious site using Internet Explorer and has Google Chrome installed."[The issues] may result in highly dangerous attack vector as demonstrated in the attack vectors section. The most severe impact of the vulnerabilities described in this document is achieving a successful Cross-Site Scripting attack on an arbitrary site. An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify user-browsing experience and facilitate phishing attacks."Google said that although Chrome would update itself automatically on user machines, some human intervention, in the form of a manual shutdown and restart, would be necessary.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.