Google Chrome Beta Update: Sicherheitslücken von Gears geschlossen

Chrome

Google hat vor kurzem ein Beta Update für Google Chrome veröffentlicht. Die Version 0.4.154.29 dient laut Changelog der Sicherheit und wird in den nächsten 48 Stunden an alle Nutzer verteilt.

Änderungen:

This release upgrades Gears to 0.5.4.2 to address a security issue with Gears 0.5.4.0 and earlier versions:

Gears Cross-Origin Worker Vulnerability
CVE: CVE-2008-5258
A vulnerability in Gears could allow an attacker to run code in the context of a site that serves user-controlled files. To exploit this, an attacker needs to upload a malicious file to the victim’s site and convince the user to allow the attacker’s site to use Gears.

Severity: High. Even though this requires convincing users to allow a third-party site to use Gears, it could allow data theft and cross-site scripting on sites hosting user-created content, even those that do not use Gears.
Credit: Thanks to Yair Amit, Senior Security Researcher, IBM Rational Application Security Research Team for responsibly reporting the issue to Google.

» Ankündigung im Google Chrome Releases Blog



Teile diesen Artikel:

Facebook twitter Pocket Pocket