Wadehra Archive

Serious Security Flaw in Google Chrome

Security expert Aviv Raff discovered a flaw in the newly released Google Chrome browser. He set up a demo of the exploit here. This will download a java file to your desktop if you are using Chrome.

Chrome also has a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering.

Meanwhile, researcher Rishi Narang disclosed another flaw that causes Chrome to crash just by visiting a malicious link and without user interaction. He setup a Proof of Concept at http://evilfingers.com/advisory/google_chrome_poc.php

This is especially embarrassing for Google as it promoted security in the new browser in its press release and even in the demo video they have on their website.

IE8 Beta 2 Launched

The IE team launched IE8 Beta 2 which can be downloaded at http://www.microsoft.com/ie8.

You can watch videos of IE8 at http://video.msn.com/video.aspx?mkt=en-us&user=-3161786097973413883 and http://www.microsoft.com/windows/internet-explorer/beta/videos.aspx. IE8 is a very developer friendly browser. You can download add-ons for IE8 at http://www.ieaddons.com/. Some of my favorite add ons include Web Slices and Accelerators.

Some cool features of IE8 Beta 2 include color-coded tabbed-browsing and accelerator support. Accelerators are services that you access directly from the webpage in the context of what you’re doing, letting you bookmark, define, email, map and more with a simple selection. Even your search providers are available as Accelerators. Some Accelerators provide previews so that you can view the result without having to leave the current webpage. Clicking on an Accelerator opens a new tab with the full result. You can download accelerators from http://www.ieaddons.com/en/accelerators/

Also, there is better support for when website you are viewing in a tab crashes - now instead of closing the whole IE window along with other tabs open in the same window, only the tab with the crashing website will close!