diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Google fixes Chrome bug; Blames IE

Google has fixed a bug in their Chrome browser which could allow cross-site scripting and other dangerous policy violations under interesting circumstances: when Chrome is called from Internet Explorer because a link is executed in IE with the “chromehtml” protocol handler. Update Chrome to get to the new version, which they say fixes the problem, but that’s not what’s really interesting about this bug.

What’s interesting is that it’s actually a new manifestation of an old problem: external protocol handlers are called from Internet Explorer with malicious input; IE just calls the handler with the supplied input. In this case, IBM researcher Roi Saltzman found 3 main attacks that could be launched through this mechanism that would be blocked through normal Chrome access methods.

Full Article

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!