According to Dirson's Google-Blog, a new version of the Google Toolbar (Version 2.0.114.5) fixes the security vulnerabilty that was reported on last week.
I half-errantly reported that the vulnerability was only susceptible to a Local Computer Zone exploit. It appears that this is only true if your Windows XP machine was updated with IE6 Service Pack 1.
Google Toolbar users could suffer an 'HTML injection' exploit due to a vulnerability in MSIE and its "res:" and "file:" protocols. Gregory R. Panakkal, the person who found this flaw, says that these two protocols have been made inaccessible from the Internet Zone with IE6-SP1 onwards. It is still possible to inject code remotely on an unpatched IE.
The revision history for the Google Toolbar is not yet reflecting this new version information. It is not even reporting the recent version update which changed the PR checksum either.
Via InsideGoogle
No comments:
Post a Comment