Internet Explorer + Google Chrome = security problem


Security problems surrounding protocol handling and Web browsers have surfaced again -- this time with Google Chrome and Microsoft's Internet Explorer.

According to an advisory from the Google Chrome team, there's an error in handling URLs with the chromehtml: protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

[ SEE: Command injection flaw found in IE: Or is it Firefox? ]

The skinny:

  • If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice.

The "high severity" vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

It can be exploited by malicious hackers to launch universal cross-site scripting (UXSS) attacks without user interaction under certain conditions.

[ SEE: Mozilla caught napping on URL protocol handling flaw ]

IBM's Roi Saltzman, the researcher credited with finding and reporting the issue to Google, has released an advisory (Word .doc) to explain the attack vectors and impact.

He warns that the flaw opens the door to two major attack vectors:

  • Bypass the Same Origin Policy restrictions for any site (this has the same impact as Universal XSS)
  • Enumerate victim's local files and directories

"It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles' heel and has been widely used previously to attack other various applications," Saltzman said. Proof-of-concept code for this issue is publicly available.

Microsoft maintains the problems are not related to vulnerabilities in its code.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
