Google Chrome's Dev channel has been updated to version 220.127.116.11. This release fixes a few minor bugs, and updates Gears to 0.5.8.0 to fix an occasional crash in some sites with offline applications enabled.
Gears Cross-Origin Worker VulnerabilityCVE: CVE-2008-5258A vulnerability in Gears could allow an attacker to run code in the context of a site that serves user-controlled files. To exploit this, an attacker needs to upload a malicious file to the victim's site and convince the user to allow the attacker's site to use Gears.Severity: High. Even though this requires convincing users to allow a third-party site to use Gears, it could allow data theft and cross-site scripting on sites hosting user-created content, even those that do not use Gears.Credit: Thanks to Yair Amit, Senior Security Researcher, IBM Rational Application Security Research Team for responsibly reporting the issue to Google.