Serious Security Flaw in Google Chrome

September 4th, 2008     by Paras Wadehra    

Security expert Aviv Raff discovered a flaw in the newly released Google Chrome browser. He set up a demo of the exploit here. This will download a java file to your desktop if you are using Chrome.

Chrome also has a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering.

Meanwhile, researcher Rishi Narang disclosed another flaw that causes Chrome to crash just by visiting a malicious link and without user interaction. He setup a Proof of Concept at http://evilfingers.com/advisory/google_chrome_poc.php

This is especially embarrassing for Google as it promoted security in the new browser in its press release and even in the demo video they have on their website.

Bookmark and Share

Del.icio.us Del.icio.us     Digg Digg     Technorati Technorati     Furl Furl     reddit reddit

Post a Comment

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 4 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a