Kaspersky Labs journalist Ryan Maraine writes up the new security problem when running IE + Google Chrome.
I was particularly interested in this since I run Chrome as my default browser and IE6 as a secondary. I mainly use IE for online banking (since it doesn’t play well with Chrome) and my time card at work. However, if you’re surfing with IE while Chrome is installed, you need to read this article. I will copy over what Ryan said:
- If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice.
The “high severity” vulnerability affects Google Chrome versions 18.104.22.168 and earlier.
So class, what is rule #1 for making sure a system is secure? That’s right. Keep your A/V (you do have A/V, right?), OS, and other software fully patched. I’m typing this in Chrome v. 22.214.171.124. So I’m (hopefully) all set, as I’m 4 builds ahead of the vulnerability. Keep it up to date. You can check your version by clicking on the “wrench” icon in the upper right hand corner of Chrome and clicking “About Google Chrome.”
Here’s another snide sort of comment Ryan included:
“It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” [Roi Saltzman at IBM] said. Proof-of-concept code for this issue is publicly available.Microsoft maintains the problems are not related to vulnerabilities in its code.