Google Fixes Two Serious Security Flaws in Chrome

Google's latest Chrome browser, version 3.0, resolves two security problems that could leave users vulnerable to attacks.

The first flaw relates to a feed reader in Chrome that renders untrusted content embedded in ATOM or RSS feeds. Owing to this, an attacker may insert harmful JavaScript into a feed and then get a user to open it in the browser, which could eventually lead to the code's execution. The vulnerability's severity has been rated as "medium," as it is not so widely exposed.

Google has credited 'Inferno', a security researcher, with uncovering this vulnerability, which was reported to the Chrome security team on September 7, 2009. Inferno posted the details on his own blog, where he described the flaws in detail and noted that his work drew on XSS research into traditional feed readers that James M. Snell and James Holderness conducted together during 2006.

Apart from Chrome, Inferno states that the ATOM/RSS vulnerability also affects the Opera web browser. According to him, the possible XSS (cross-site scripting) attacks consist of session cookie compromise, phishing page display or web-server mapping on a network, and browser history monitoring.

While Chrome mitigates the flaw with its security fix, Opera has opted otherwise: its fix mitigates just one of the three exploitation scenarios mentioned.
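A defensive check for the feed flaw described above, as an added example that is not code from Google, Opera or Inferno: it audits an Atom feed for markup that would run script if a reader rendered entry content as HTML. The names `ActiveContentFinder`, `audit_feed` and `SAMPLE_FEED` are hypothetical, and the check covers event handlers and `javascript:` URLs as well as `<script>` elements, which goes beyond the single case the article mentions.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ATOM = "{http://www.w3.org/2005/Atom}"
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ActiveContentFinder(HTMLParser):
    """Collects markup that would run script if a reader rendered it as HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        tag = tag.rsplit(":", 1)[-1]  # drop the XML prefix added to inline XHTML
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            name = name.rsplit(":", 1)[-1]
            # Browsers ignore whitespace/control characters inside a URL scheme.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and url.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def audit_feed(feed_xml):
    """Return {entry title: [findings]} for Atom entries with active content."""
    # Assumption: stdlib parser for self-containment; prefer defusedxml for network feeds.
    report = {}
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        finder = ActiveContentFinder()
        for field in ("title", "summary", "content"):
            for node in entry.findall(ATOM + field):
                # type="xhtml" carries child elements; other types carry text.
                markup = ("".join(ET.tostring(c, encoding="unicode") for c in node)
                          if node.get("type") == "xhtml" else node.text or "")
                finder.feed(markup)
        finder.close()
        if finder.findings:
            report[entry.findtext(ATOM + "title", "(untitled)")] = finder.findings
    return report

# Constructed sample feed (not taken from the advisory or the researcher's post).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
<entry><title>Plain</title><content type="html">&lt;p&gt;hi&lt;/p&gt;</content></entry>
<entry><title>Script</title><content type="html">&lt;script&gt;alert(1)&lt;/script&gt;</content></entry>
<entry><title>Handler</title><summary type="html">&lt;img src="x" onerror="alert(1)"&gt;</summary></entry>
<entry><title>XHTML</title><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
<a href="javascript:alert(1)">x</a></div></content></entry></feed>"""
```

A finding here means the entry must be sanitised or shown as plain text before display; an empty report does not prove a feed is safe to render.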

The second vulnerability is related to the getSVGDocument method, which apparently lacks an access check. Consequently, an attacker can bypass security policies and inject malicious JavaScript into a website hosting an SVG file. The vulnerability, which is rated as "highly" severe, was discovered by Isaac Dawson, another security researcher.

Ever since Google launched Chrome, the browser has been constantly affected by security flaws and malicious attacks; the Internet giant is therefore making every effort to fix the flaws so that Chrome, too, becomes as user-friendly and successful as Google.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 10/8/2009
