Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.
The issue, rated as a "moderate" risk, could allow hackers to use HTML files to steal arbitrary files from a victim's machine.
- r4188 and r4827 Address an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connecting to the network using XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file.
- Severity: Moderate. If a user could be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.
The patch, which will eventually be rolled out via Chrome's automatic update feature, also adds new features around bookmarking and pop-up blocking.