Chrome web page scraping flaws in the Google Chrome browser can be exploited to obtain private information, researchers said.
The flaw is in the way web pages are created, but Google hasn’t fixed the issue yet.
It’s possible that a malicious web page can create an anonymous page that uses the same cookies that are used by other pages on the internet, which could be used to identify users, and potentially access their data, said John Resig, a researcher with security company Trend Micro.
The vulnerability is due to an out-of-date version of Google Chrome that only runs in Google Chrome OS, which doesn’t support extensions and is used primarily by Chrome OS.
A malicious web site could create an unsigned, untrusted extension, allowing an attacker to use it to access private information on an unsecured device.
Resig’s research was published on Tuesday.
“We found a way to get sensitive information that could potentially compromise a user’s identity by spoofing the address bar or adding a blank line,” Resig said.
“This information can be used for phishing campaigns or even for malicious code.
It is possible that these attacks are part of a widespread botnet.”
Google is investigating the issue, and is working on a fix.
The Google Chrome team said it has fixed the problem.
“The issue in the latest version of Chrome is being worked on and will be corrected in the next release,” a Google spokeswoman said.
“We apologize for any inconvenience this has caused.”
The Chrome team’s fix is in place in Chrome version 45.0.1457.22, which is the latest stable version of the browser.
The researchers said the flaw has been in use for about three months, and that the problem is likely a result of Chrome not being updated to support extensions.
Google said the issue was fixed in February, but they are still working to fix the issue in Chrome 45.
It doesn’t appear the issue affects Chrome OS users.
Google Chrome is used by almost three million websites on the web.
Google has not commented on the vulnerability.
The researcher said he discovered the issue by reading the privacy settings in Chrome’s settings menu.
“I started reading the settings and noticed that there were several settings that seemed to be hiding a lot of information,” he said.
“I then went into the browser’s Privacy tab and clicked on the Show All Privacy dialog box and found that there was a lot more private information than I’d ever seen before.”
These settings seem to be hidden by default and that this has become the default setting for all Chrome users.
It has also caused my Chrome browser to be unresponsive for a long time.
“Google has said that it is working with security experts to identify the vulnerability, and has promised a patch is coming.