Google Chrome Security Bypass and Cross-Site Scripting Security Advisory

Posted by: Admin in Security Advisory on Sep 17, 2009

Tagged in: vulnerability , security , google , chrome , advisory

security warning

This Security Advisory was delivered as a customer service announcement by Hanzo Host to help our customers
and friends keep their systems up-to-date against the latest vulnerabilities.

Security Advisory

Google Chrome Security Bypass and Cross-Site Scripting

 

Info:

Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

  1. An error in the processing of RSS and Atom feeds can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  2. An error in the "getSVGDocument" method can be exploited to bypass the Same-Origin-Policy and execute arbitrary HTML and script code in a user's browser session in context of a site hosting an SVG document.

Solution:

Upgrade to the latest version of Chrome

 

 

If you have any questions please contact Support by raising a ticket via the Customer Portal

Many thanks!