MS discovers flaw in Google plug-in for IE
Google whacked
Posted in Enterprise Security, 20th November 2009 11:10 GMT
Free whitepaper – Assuring application service quality
Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users.
The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. Redmond warned that the plug-in made IE less secure as soon as it became available back in September, an argument bolstered by the discovery of a cross-origin bypass flaw in the add-in
Successfully exploiting the flaw creates a means for hackers to bypass security controls though not to go all the way and drop malware onto vulnerable systems.
Microsoft and security researcher Lostmon are jointly credited with discovering the vulnerability in Google's browser add-on.
Google acknowledged the flaw and urged users to update to version 4.0.245.1 of Google Chrome Frame. All users should be updated automatically to the latest version of the software, which also tackles a number of performance and stability glitches. Chief among these are problems handling iFrames, as explained in Google's security advisory here. ®
The Register Webcast - Desktop Support : The Hub of IT
The Register Guide to managing spam
The Register Green Computing Report
Secure Mobile Working
Risk and Resilience
