Google puts the shine back into Chrome

Chrome flaw was rated severe by Google

Google has released an updated version of its Chrome browser, fixing a severe security issue.

The problem, which was discovered earlier this month, would have allowed an attacker to launch and run scripts of their choosing on a compromised machine.

Google said today that the issue, which was discovered and reported by Roi Saltzman of the IBM Rational Application Security Research Group in March, had a 'High' severity rating.

According to Mark Larson, Chrome programme manager, the flaw "could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice", if they visited a maliciously coded web page in Internet Explorer.

In his initial report, Saltzman wrote, "Using three separate issues that reside in various parts of Google Chrome a malicious attacker can craft powerful attacks that endanger any user that browses a malicious site using Internet Explorer and has Google Chrome installed.

"[The issues] may result in highly dangerous attack vector as demonstrated in the attack vectors section. The most severe impact of the vulnerabilities described in this document is achieving a successful Cross-Site Scripting attack on an arbitrary site. An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify user-browsing experience and facilitate phishing attacks."

Google said that although Chrome would update itself automatically on user machines, some human intervention, in the form of a manual shutdown and restart, would be necessary.