MHTML is a simple container format that combines several documents in a single file (MIME encapsulation), albeit not commonly used on the web, employed by Microsoft IE to save downloaded pages to disk, also embraced by a hand-full of third-party applications to deliver HTML-based documentations.
Google has recommended that concerned users should consider deploying Microsoft's temporary Fix it Script to block this attack, however, Google's security team have partnered with Microsoft to arrive at a permanent fix soon.
In addition, Google has employed several server-side defenses to make the MHTML vulnerability more difficult to exploit.
This leveraging vulnerability is unique been a web-level exploit, as opposed to exploitations directly compromising users systems. And it represents a new level vulnerabilities to interact with web services, of which perfectly blocking the offending input patterns is highly unlikely, until the problem is addressed by the vendor through Windows Update.
Sign up here with your email