Chrome/IE security flaw

Kaspersky Labs journalist Ryan Maraine writes up the new security problem when running IE + Google Chrome.

http://blogs.zdnet.com/security/?p=3224&tag=nl.e019

I was particularly interested in this since I run Chrome as my default browser and IE6 as a secondary.  I mainly use IE for online banking (since it doesn’t play well with Chrome) and my time card at work.  However, if you’re surfing with IE while Chrome is installed, you need to read this article.  I will copy over what Ryan said:
 

The skinny:

  • If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice.

The “high severity” vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

So class, what is rule #1 for making sure a system is secure?  That’s right.  Keep your A/V (you do have A/V, right?), OS, and other software fully patched.  I’m typing this in Chrome v. 1.0.154.59.  So I’m (hopefully) all set, as I’m 4 builds ahead of the vulnerability.  Keep it up to date.  You can check your version by clicking on the “wrench” icon in the upper right hand corner of Chrome and clicking “About Google Chrome.”

Here’s another snide sort of comment Ryan included:
 

“It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” [Roi Saltzman at IBM] said.  Proof-of-concept code for this issue is publicly available.
Microsoft maintains the problems are not related to vulnerabilities in its code.
Of course.
Advertisements
Explore posts in the same categories: IT, Security, Tech News

Tags: , , , , , ,

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: