Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.
Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections.****
[ ALSO SEE: Inside the Google Chrome OS Security Model ]
Here’s the explanation from Google’s Mark Larson:
The search technology company has shipped a new version of the Google Chrome Frame (version 22.214.171.124) with a patch for the vulnerability.
The plug-in update also fixes several bugs:
“All users should be updated automatically,” Larson said.