On April 8, Roi Saltzman of the IBM Rational Application Security Research Group reported a flaw in Google’s Chrome browser that could allow cross-scripting attacks. Now Google has released a new version of the browser that fixes the problem, CNET reports.
Chrome has automatic updates, so users need do nothing other than restart the browser after an update.
In a blog posting, Mark Larson, Google Chrome program manager, wrote:
"An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions."
