Google在9月份为Internet Explorer用户提供了Google Chrome Frame插件,微软当时就发出警告,声称插件将增加攻击面,降低IE的安全性。现在,软件巨人终于在Google Chrome Frame中发现了一个“高危”安全漏洞,能允许攻击者绕过Cross-Origin保护。而搜索巨人已经匆匆发布了补丁修复这一漏洞,Google Chrome Frame最新版本4.0.245.1已解决该问题。 Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a "high risk" security vulnerability that could allow an attacker to bypass cross-origin protections.[ ALSO SEE: Inside the Google Chrome OS Security Model ]Here"s the explanation from Google"s Mark Larson:Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user"s machine. We"re unaware of any exploitation of this issue. The search technology company has shipped a new version of the Google Chrome Frame (version 4.0.245.1) with a patch for the vulnerability.The plug-in update also fixes several bugs: * Network requests fail randomly. * Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result. * Don"t use Google Chrome Frame for frames or iframes. * Follow redirects properly. * IE8 freezing intermittently. * Remove data directories on uninstall."All users should be updated automatically," Larson said.Novell eDirectory HTTPSTK web服务器栈溢出漏洞谷歌Chrome OS必知的10点安全常识相关资讯 漏洞 Google Chrome OS
易网时代-编程资源站