Browser Security News

Google Inc. has patched Chrome to prevent attackers from stealing files from PCs running the open-source browser. The update, however, has not been pushed out to most users yet. Google quashed the bug in a developer-only version of Chrome that has not been sent to all users via the browser’s update mechanism.

Chrome users, however, can reset the browser to receive all updates, including the developer editions, with the Channel Chooser plug-in. Chrome 0.4.154.18, which was released Tuesday, fixes a vulnerability that could be used by hackers to read files on a user’s machine, then transfer them to their own malicious servers. "We now prevent local files from connecting to the network with XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file," Mark Larson, Chrome’s program manager, said in an entry to the browser’s developer blog. Google patches Chrome file-stealing bug