Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Finds Security Flaw In Google Chrome Frame

Posted by timothy on from the they're-the-experts dept.

Christmas Shopping writes with this excerpt from Kaspersky Labs' threatpost: "Back in September, when Google launched the Google Chome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure. Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a 'high risk' security vulnerability that could allow an attacker to bypass cross-origin protections." "Google has hurried out a patch," he adds.

4 of 214 comments (clear)

  1. At least they patched it by santax · · Score: 4, Interesting

    And not wait another week until it's patch-Tuesday.

  2. Re:Dude by Anonymous Coward · · Score: 4, Interesting

    > in much the same way that Google doesn't go looking for software bugs in Microsoft products.

    You need to keep a closer eye on Microsoft bulletins, it actually happens regularly.

    http://www.google.com/search?hl=en&q=site:microsoft.com+Google+intitle:"Microsoft+Security+Bulletin"

  3. Re:Shut up? by blind+biker · · Score: 4, Interesting

    Yeah. For once, this case was conducted in a civilized manner, much to my own surprise. Yes, I admit I am surprised, because I expected a slightly different modus operandi from a company like Microsoft, with a uber-competitive, testosterone-saturated corporate culture. This, for me, more than any other, is a proof that Microsoft is changing.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  4. Re:Expected by man_of_mr_e · · Score: 2, Interesting

    You do realize that ActiveX is an industry standard, supported by the Open Group (you now, the same people that standardized X Windows).

    http://www.opengroup.org/pubs/catalog/ax01.htm

    --
    If you need web hosting, you could do worse than here