Google fixes Chrome bug; Blames IE

Google has fixed a bug in their Chrome browser which could allow cross-site scripting and other dangerous policy violations under interesting circumstances: when Chrome is called from Internet Explorer because a link is executed in IE with the "chromehtml" protocol handler. Update Chrome to get to the new version 1.0.154.59, which they say fixes the problem, but that's not what's really interesting about this bug.

What's interesting is that it's actually a new manifestation of an old problem: external protocol handlers are invoked from Internet Explorer with attacker-controlled input, and IE simply passes that input along to the handler without validating it. In this case, IBM researcher Roi Saltzman found 3 main attacks that could be launched through this mechanism, all of which would be blocked when Chrome is reached through its normal access methods.
