Microsoft Uncovers Vulnerability in Google Chrome Plug-in for IE

Microsoft uncovers a vulnerability in a controversial Google plug-in for Internet Explorer that could be exploited to bypass cross-origin protections. Google patched the issue this week in an update.

Microsoft researchers uncovered a flaw in the Google Chrome Frame plug-in for users of Internet Explorer.

According to Google, which patched the problem Nov. 18 with an update, the vulnerability could be exploited to bypass cross-origin protections.

The plug-in-which injects Google Chrome's rendering engine into Internet Explorer-has been a source of controversy between Microsoft and Google in the past. In September, Microsoft warned that the plug-in made IE less secure, not due to any specific vulnerability, but rather the very idea of the plug-in itself.

"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts," a Microsoft spokesperson said at the time. "This is not a risk we would recommend our friends and families take."

Google defended its actions, stating that the plug-in brought Chrome's Web technologies to IE. Crediting Microsoft with finding the recent issue, Google noted that the vulnerability does not permit "persistent malware to infect a user's machine." The company said it is unaware of any exploitation of the issue.

The plug-in update also fixes several common crashes and a handful of other bugs.