Security Hero Rotating Header Image

Internet Explorer + Google Chrome = security problem

Internet Explorer + Google Chrome = security problem

Security problems surrounding protocol handling and Web browsers have surfaced again ¡X this time with Google Chrome and Microsoft¡¦s Internet Explorer.

According to an advisory from the Google Chrome team, there¡¦s an error in handling URLs with the a chromehtml: protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker¡¦s choice. The ¡§high severity¡¨ vulnerability affects Google Chrome versions 1.0.154.55 and earlier. It can be exploited by malicious hackers to launch universal cross-site scripting (UXSS) attacks without user interaction under certain conditions.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31032

Leave a Reply

Your email address will not be published. Required fields are marked *