Microsoft Finds Security Flaw in Google Chrome Frame

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections.

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.

Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections.

[ ALSO SEE: Inside the Google Chrome OS Security Model ]

Here’s the explanation from Google’s Mark Larson:

  • Severity: High. An attacker could have bypassed cross-origin protections. Although important, “High” severity issues do not permit persistent malware to infect a user’s machine. We’re unaware of any exploitation of this issue.

The search technology company has shipped a new version of the Google Chrome Frame (version 4.0.245.1) with a patch for the vulnerability.

The plug-in update also fixes several bugs:

    * Network requests fail randomly.
    * Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result.
    * Don’t use Google Chrome Frame for frames or iframes.
    * Follow redirects properly.
    * IE8 freezing intermittently.
    * Remove data directories on uninstall.

“All users should be updated automatically,” Larson said.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business