Microsoft slates June update to block IE8 abuse

Reacts to Black Hat disclosure of potential manipulation of IE8's cross-site scripting filter

By , Computerworld |  Security, IE8

Other browsers, including Google's Chrome, also offer cross-site scripting filtering . But according to Lindsay, Chrome users are not at risk to the same kind of abuse.

"Chrome's neutering technique is to completely block [the] page," said Lindsay in a direct message via Twitter. "This is preferred over modifying [the] response" as did Microsoft's browser. "IE8 header now allows the same."

Coincidentally, Google patched seven security vulnerabilities in the "stable" Windows version of Chrome earlier today, including two related to cross-site scripting .

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is .

Read more about security in Computerworld's Security Knowledge Center.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question