Topic: Google fixes severe Chrome security hole

[georgecloner]

Google released a new version of its Chrome browser Thursday to fix a high-severity security problem.

The problem affects Google's mainstream stable version of Chrome and is fixed in the new version 1.0.154.59 (http://download.cnet.com/Google-Chrome/3000-2356_4-10881381.html?tag=mncol;txt). Google has built Chrome so it updates itself automatically with no user intervention, though the software must be restarted for the new version to run.

The security problem, reported April 8 by Roi Saltzman of the IBM Rational Application Security Research Group, allowed cross-site scripting attacks. Such methods can make a Web browser process unauthorized code such as JavaScript, enabling a variety of attacks, including impersonation or phishing.

Mark Larson, Google Chrome program manager, described the problem this way in a blog posting Thursday:

    An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

    If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running.

{CNET}

[azazur]

Hi
this version still Beta version or Stable release?

[Samker]

Hi
this version still Beta version or Stable release?

As I see this is Stable...

[zocker]

Use Opera instead! Its stable, safe and the best browser the world has ever seen!