Google Chrome security flaws
p2pnet news view Products | Security:- Ooops.
“Google Chrome’s password manager failed more tests than any other browser I’ve tried,” says Chapin Information Services’ Robert Chapin in a p2pnet Reader’s Write.
Now, “Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks,” says ZDNet, going on:
“Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities - a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference - to trick users into launching executables direct from the new browser.
“Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.”
Raff’s proof-of-concept code shows how two mouse clicks are all that’s needed to plant malware on Windows desktops, says the story, also pointing out the user-agent shows Chrome is in fact WebKit 525.13 (Safari 3.1), an outdated/vulnerable version of that browser.
“Apple patched the carpet-bombing issue with Safari v3.1.2,” ZDNet says, adding some Windows Vista users are reporting downloaded files are, “automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks”
Stay tuned.
p2pnet - Chrome? Meh, September 3, 2008
ZDNet - Google Chrome vulnerable to carpet-bombing flaw, September 3, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php
September 3rd, 2008 at 11:00 am
chrome also apparently includes a clause in it’s EULA which gives google the right to use any copyrighted material you upload through it for whatever they want, there’s an article on the register about it here: http://www.theregister.co.uk/2008/09/03/google_chrome_eula_sucks/ . needless to say, i think i’ll stick with firefox.
September 3rd, 2008 at 1:45 pm
i’m willing to try it out just to see if it works more efficiently than FireFox… if it’s faster than Firefox and isn’t IE, then i’ll use it
September 3rd, 2008 at 2:52 pm
For me, that’s the biggest reason for using different browsers. Malware forced me to format my hard drive recently. The good news is that this is a beta version and hopefully Google will be able to resolve this issue by the time 1.0 is released.
September 3rd, 2008 at 6:09 pm
well besides all the security issues how about the privacy issues.
is google going to collect data on the websites you visit and create a big database on it???
September 3rd, 2008 at 11:59 pm
can you open this file please …..ya ok im sure there are osme noobs still left but come on thats it , shortly to be fixed i am sure…..
and the EULA issue was fixed YOUR data = your copyright!
September 4th, 2008 at 6:01 am
Speed is not really a defining issue for browsers anymore. There is only one defining issue nowadays: SECURITY.
September 4th, 2008 at 11:30 am
Installs googleupdate.exe and doesn’t delete it if you uninstall, also keeps running it when you kill it. WTH.
September 4th, 2008 at 5:43 pm
I noticed that googleupdate.exe thing too. I removed it from HKLM…Run and it hasn’t been back since.
September 5th, 2008 at 5:30 am
Is it just me or is the fact that Chrome works outside of “Program Files” a HUGE security flaw? (Check my link to my blog)
Cheers,
/Magnus