Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Finds Security Flaw In Google Chrome Frame

Posted by timothy on from the they're-the-experts dept.

Christmas Shopping writes with this excerpt from Kaspersky Labs' threatpost: "Back in September, when Google launched the Google Chome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure. Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a 'high risk' security vulnerability that could allow an attacker to bypass cross-origin protections." "Google has hurried out a patch," he adds.

5 of 214 comments (clear)

  1. At least they patched it by santax · · Score: 4, Interesting

    And not wait another week until it's patch-Tuesday.

    1. Re:At least they patched it by Anonymous Coward · · Score: 1, Interesting

      Patch Tuesday is the fault of the big corporate customers, who demanded that patches be released on a schedule so they had more time to plan around testing and rolling them out.

      I don't like it either, but it's not like it's something MS made up just to piss us off, they're doing exactly what their customers have asked for.

      A true statement but not fully accurate. The reason they went to Patch Tuesday is, as you pointed out, at the request of their corporate users. What you don't point out is that the reason behind the request was because Microsoft was pushing out patches every time you turned around, in some cases daily. Some of these so called patches weren't just "fixes" but new functionality or functionality changes, not something addressing security vulnerabilities. Many times these functionality changes, and some of the security fixes, caused existing systems to stop working with no warning. This is why the corporate users really requested a scheduled patch system, they were tired of unexpected updates breaking the systems.

  2. Re:Dude by Anonymous Coward · · Score: 4, Interesting

    > in much the same way that Google doesn't go looking for software bugs in Microsoft products.

    You need to keep a closer eye on Microsoft bulletins, it actually happens regularly.

    http://www.google.com/search?hl=en&q=site:microsoft.com+Google+intitle:"Microsoft+Security+Bulletin"

  3. Re:Shut up? by blind+biker · · Score: 4, Interesting

    Yeah. For once, this case was conducted in a civilized manner, much to my own surprise. Yes, I admit I am surprised, because I expected a slightly different modus operandi from a company like Microsoft, with a uber-competitive, testosterone-saturated corporate culture. This, for me, more than any other, is a proof that Microsoft is changing.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  4. Re:Expected by man_of_mr_e · · Score: 2, Interesting

    You do realize that ActiveX is an industry standard, supported by the Open Group (you now, the same people that standardized X Windows).

    http://www.opengroup.org/pubs/catalog/ax01.htm

    --
    If you need web hosting, you could do worse than here