MS Finds Security Flaw In Google Chrome Frame
Christmas Shopping writes with this excerpt from Kaspersky Labs' threatpost: "Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure. Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a 'high risk' security vulnerability that could allow an attacker to bypass cross-origin protections."
"Google has hurried out a patch," he adds.
At least they patched it (Score:5, Interesting)
Re:At least they patched it (Score:1, Interesting)
Patch Tuesday is the fault of the big corporate customers, who demanded that patches be released on a schedule so they had more time to plan around testing and rolling them out.
I don't like it either, but it's not like it's something MS made up just to piss us off, they're doing exactly what their customers have asked for.
A true statement but not fully accurate. The reason they went to Patch Tuesday is, as you pointed out, at the request of their corporate users. What you don't point out is that the reason behind the request was because Microsoft was pushing out patches every time you turned around, in some cases daily. Some of these so-called patches weren't just "fixes" but new functionality or functionality changes, not something addressing security vulnerabilities. Many times these functionality changes, and some of the security fixes, caused existing systems to stop working with no warning. This is why the corporate users really requested a scheduled patch system: they were tired of unexpected updates breaking the systems.
Re:Dude (Score:4, Interesting)
> in much the same way that Google doesn't go looking for software bugs in Microsoft products.
You need to keep a closer eye on Microsoft bulletins, it actually happens regularly.
http://www.google.com/search?hl=en&q=site:microsoft.com+Google+intitle:"Microsoft+Security+Bulletin" [google.com]
Re:Shut up? (Score:5, Interesting)
Yeah. For once, this case was conducted in a civilized manner, much to my own surprise. Yes, I admit I am surprised, because I expected a slightly different modus operandi from a company like Microsoft, with an uber-competitive, testosterone-saturated corporate culture. This, for me, more than any other, is proof that Microsoft is changing.
Re:Expected (Score:3, Interesting)
You do realize that ActiveX is an industry standard, supported by the Open Group (you know, the same people that standardized X Windows)?
http://www.opengroup.org/pubs/catalog/ax01.htm [opengroup.org]