/>
X
Innovation

Google Chrome vulnerable to data theft flaw

Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.The issue, rated as a "moderate" risk could allow hackers to use HTML files to steal arbitrary files from a victim's machine.
Written by Ryan Naraine, Contributor on
Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.

The issue, rated as a "moderate" risk could allow hackers to use HTML files to steal arbitrary files from a victim's machine.

Details below:

  • r4188 and r4827 Address an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connecting to the network using XMLHttpRequest()  and also prompt you to confirm a download if it is an HTML file.
    • Severity: Moderate. If a user could  be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.

The patch, which will eventually be rolled out via Chrome's automatic update feature, also adds new features around bookmarking and pop-up blocking.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Epson is going to stop selling laser printers. Here's why
piles-of-paper.jpg

Epson is going to stop selling laser printers. Here's why

Don't waste your money on these Apple products: December 2022 edition
Waiting in line for the Apple Store

Don't waste your money on these Apple products: December 2022 edition