Fri 25 Jan 2008
Another Firefox Flaw, in Its Extensions
Posted by Syd Tash under Alerts
A bug has been found in the Firefox browser, or more precisely, in its user interface, called Chrome. Using certain extensions or plugins, an attacker could scan your computer to see what applications and data you have available. A more serious attack might be mounted later, using this information.
The vulnerable extensions are those packaged as so-called flat files, rather than in a .jar (Java archive) file. Download Statusbar and Greasemonkey are two such plugins that use the flat file structure, and both have been updated to prevent this exploit. Mozilla, the publisher of Firefox, is working on a fix for this problem, but it is not ready yet. The attack works by enticing you to visit a malicious Web site, from which your PC gets scanned.
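As an added example (not from the original post or from Mozilla), one way to see which installed extensions use the flat layout is to read each extension's chrome.manifest and report registrations whose location does not start with `jar:`. The extensions directory layout, the function names and the sample manifests are assumptions constructed for illustration.

```python
# Added example: audit chrome.manifest registrations for flat (non-jar) packaging.
from pathlib import Path
import tempfile

# chrome.manifest line types that map a package to a file location,
# with the index of the location field for each type.
URI_FIELD = {"content": 2, "locale": 3, "skin": 3}


def flat_registrations(manifest_text):
    """Return (type, package, uri) for every registration not served from a jar."""
    flat = []
    for line in manifest_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        idx = URI_FIELD.get(parts[0])
        if idx is None or len(parts) <= idx:
            continue  # other instruction types (overlay, style, ...) or malformed
        uri = parts[idx]
        if not uri.lower().startswith("jar:"):
            flat.append((parts[0], parts[1], uri))
    return flat


def audit_extensions(extensions_dir):
    """Map extension directory name -> list of flat registrations found in it."""
    report = {}
    for manifest in sorted(Path(extensions_dir).glob("*/chrome.manifest")):
        hits = flat_registrations(manifest.read_text(errors="replace"))
        if hits:
            report[manifest.parent.name] = hits
    return report


# Constructed sample manifests (not copied from any real extension).
SAMPLE_JAR = "content example-jar jar:chrome/example.jar!/content/\n"
SAMPLE_FLAT = ("# flat layout\ncontent example-flat chrome/content/\n"
               "skin example-flat classic/1.0 chrome/skin/\n")


def demo():
    """Build a throwaway extensions directory from the samples and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in (("jar@example.invalid", SAMPLE_JAR),
                           ("flat@example.invalid", SAMPLE_FLAT)):
            ext_dir = Path(tmp) / name
            ext_dir.mkdir()
            (ext_dir / "chrome.manifest").write_text(text)
        return audit_extensions(tmp)
```

A flagged extension is only identified as flat-packaged; whether it has already been updated against this flaw has to be checked against the extension's own release notes.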
I have never liked browser extensions, because they can compromise the security of the browser, as we see in this example. However, there is an extension for Firefox called NoScript. It blocks all JavaScript, Java, Flash, etc. by default, from all Web sites you visit.
You choose which individual sites you trust enough to allow to run code on your computer, by simply clicking an icon. In other words, you create a whitelist, or safe list, of sites which are allowed to run code in your browser. Check it out here: http://noscript.net/
Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here:
=> http://MyPCSecuritySite.com
You may include these Tips in your web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and web site.
