Original URL: https://www.theregister.com/2009/11/20/google_plug_in_bug/

MS discovers flaw in Google plug-in for IE

Google whacked

By John Leyden

Posted in Security, 20th November 2009 11:10 GMT

Microsoft has helped discover a flaw in the Google Chrome Frame plug-in for Internet Explorer users.

The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. As soon as the plug-in became available back in September, Redmond warned that it made IE less secure, an argument bolstered by the discovery of a cross-origin bypass flaw in the add-in.

Successfully exploiting the flaw creates a means for hackers to bypass security controls, though not to go all the way and drop malware onto vulnerable systems.

Microsoft and security researcher Lostmon are jointly credited with discovering the vulnerability in Google's browser add-on.

Google acknowledged the flaw and urged users to update to version 4.0.245.1 of Google Chrome Frame. All users should be updated automatically to the latest version of the software, which also tackles a number of performance and stability glitches. Chief among these are problems handling iFrames, as explained in Google's security advisory here. ®