problem was discovered in Google's new web browser, Google Chrome, that would have allowed an attacker to launch and run scripts on a compromised machine. The issue, originally discovered by Roi Saltzman of the IBM Rational Application Security Research Group, had been given a security rating of "high." Interestingly enough, although the attack takes advantage of security issues in Google Chrome, the initial entry point for the malicious code would have taken place in Internet Explorer.Earlier this month, a
Goolge has now released a patch for this issue. If you want to make sure your browser is up-to-date, click through for the instructions.
About the Security Issue(s)
According to researcher, Roi Saltzman, a malicious attacker can use three separate issues in parts of Chrome to create attacks that endanger users who surf to a malicious web site using Internet Explorer. Chrome program manager, Mark Larson, explains that the flaw could have caused Google Chrome to "launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice." (Yes, it seems that to get the malicious code working, a user would still need to be surfing with IE.)
How to Fix Your Copy of Chrome
Now that a patch is available, you can update Google Chrome on your own. Even if you never run IE, it's always a good idea to have the latest version of Chrome installed. Although Google says that the browser will update itself automatically, on my machine, the update had not yet taken place on my ever-open copy of Chrome - I had to force the update manually.
If you want to do the same, you'll need to first click on the Settings menu in Chrome. This is the menu to the right of the address bar which is identified with an icon resembling a wrench. In that menu, click the option "About Google Chrome." If you need the update, it will begin automatically. Once complete, you'll be prompted to close and then reopen the browser for the update to finish installing.
To be extra sure that the update took, you can return to that menu option after relaunching Chrome and make sure that the version number reads 220.127.116.11.