The Inquirer-Home

Google Chrome glitch patched

Feeling vulnerable
Friday, 24 April 2009, 10:11

JUST A DAY after Mozilla patched up Firefox, Google is doing the same with its Internet browser, Chrome, in order to deal with a particularly nasty security glitch.

The bug, which only affects the mainstream, stable version of the browser, was found by an IBM staffer by the name of Roi Saltzman, who discovered a major vulnerability to cross-site scripting attacks.


The flaw meant that users with Google Chrome installed on their machines who haplessly stumbled across an attacker-controlled web site whilst using alternative browser Internet Explorer could cause Chrome to launch itself, open a gaggle of tabs, then load and run scripts after navigating to a URL of the attacker's choice.

Google Chrome programme manager, Mark Larson, said in a blog post that the problem was "An error in handling URLs with a chromehtml: protocol".

He added the error "could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions".

The attack could only work if Chrome was installed on the target system but not actually running at the time.

Google's new version of its browser (1.0.154.59) updates automatically, so users don't need to download the fix themselves. µ
