The iPad has landed.

Join Obsessable Sign In

Google Earth busts marijuana farm, Street View van hits deer Get ready for more ads in online television

Chrome 1.0.154.46 adds bugfixes, performs masquerade trick

The browser gets Hotmail to work by pretending to be Apple's Safari.

Digg del.icio.us Facebook StumbleUpon Twitter

Computing | by Stephen Schenck | Fri Jan 30, 2009 12:34PM | 0 comments

Google has a new version of its Chrome browser out, fixing the bug leading to the clickjacking vulnerability we discussed yesterday, as well as including an interesting work-around for certain website compatibility problems.

Chrome 1.0.154.46 closes a hole that hackers might have been able to use to implement a certain kind of clickjacking attack, one that disguises a website to trick you into interacting with it in a way you normally wouldn't. This particular patch keeps individual frames on a page from being able to interact with each other inappropriately. If a hacker were to slip a nasty frame into a site you normally use, say, by packing it into an ad banner or something similar, that frame could then access the other, legitimate parts of the page.

The fix for Hotmail compatibility is a bit funnier than a dry security patch. Hotmail wasn't behaving correctly when you tried to connect to the site with Chrome. It's not that Chrome was doing anything wrong, but that Hotmail's servers freaked out when you tried to access with the browser. Google's solution? Pretend to be another browser. Now whenever you connect to Hotmail, Chrome changes its user agent string, a bit of text that tells servers what web browser and OS you're using, to tell Hotmail that you're actually running Safari. When Microsoft's servers think you're running Apple's browser, they behave just fine.

The Hotmail team is aware of the issue and plans to fix it when it gets around to next updating its code. We're just glad Google is a little faster on the draw. The new Chrome is available now in both beta and stable versions.

This story around the web:

Trusted sources:
external link Google fakes out Hotmail for Chrome support |… [news.cnet.com]
external link Google Chrome Releases: Stable, Beta update:… [googlechromereleases.blogspot.com]
external link Google Chrome Spoofing User Agent at Hotmail [blogoscoped.com]
external link Browser Wars: Google Chrome Accesses Hotmail… [lifehacker.com]

Get more information on topics relating to this story:


Related company news:
Apple, Google, Microsoft
Related glossary terms:
Clickjacking, User agent
Related brand news:
Apple Safari
Related devices and services:
Google Chrome, Hotmail, Apple Safari

Comments

Add a comment Inappropriate or promotional comments may be removed.

Add a comment

Click one of the three commenter types below. Member comments are added immediately once you confirm your email address. Anonymous comments are moderated by our editorial staff.

I want to comment as a new member an existing member anonymously

Email me

  

Comment Preview
Anonymous (11:06 AM on Tue Feb 9, 2010)

Preview your comment here.

Inappropriate or promotional comments may be removed. To create a clickable link, simply type the URL (including http://) and we will make a link for you. Line breaks and paragraphs are automatically converted — no need to use <p> or <br> tags, but if you're into that kind of thing, you can use any of the following tags: b, i, strong, em, a (href only), p and br.