Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
MP3Rocket
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

Does Chrome flout Vista security zones?

p2pnet news view Security | Products:- p2pnet has already pointed to two potentially serious security holes in Google’s new browser hope.

Not only but also, it, “Installs googleupdate.exe and doesn’t delete it if you uninstall, also keeps running it when you kill it,” posts hahaha.

And, “I noticed that googleupdate.exe thing too,” says Robert Chapin. “I removed it from HKLM…Run and it hasn’t been back since.”

Now there’s has a new concern.

“Is it just me or does Chrome work outside of ‘Program Files’, a HUGE security flaw?” – wonders Magnus Mårtensson in a p2pnet Reader’s Write?

Mårtensson points to his Techie.notepad on which he writes »»»

I posted last night about some things regarding Chrome: Google Chrome the good and the pettyOne thing immediately got commented by my friend and colleague Håkan Reis. I thought he’d comment more on the UX bits I posted since he’s very focused on that area. But he put another issue at the top of the list. I concur that this actually warrants a post of it’s own!

Google Chrome installs under your local user settings. In my case its the folder C:\Users\Magnus\AppData\Local\Google\Chrome\Application. This means we now have an app running outside of Vistas regular security zones.

You need elevated rights in Vista to modify files that lie under C:\Program Files but not to modify files under C:\Users\<your user>\. This means that any app that might run on your machine can do what ever changes to the Chrome application that it wishes!

This ensues a major security issue for Chrome! Or did I miss something in Security 101?

Cheers,
/Magnus

Stay tuned.

Add to Technorati Favorites

serious security hole – Google Chrome security flaws, September 4, 2008

Use free p2pnet newsfeeds for your site. It’s really easy!

Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Friday, September 5th, 2008 at 8:11 am and is filed under Product News, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 7440 times

« previous p2pnet headline roundup, September 4, 2008
RIAA v Greubel: ’settled’ next »

3 Responses to “Does Chrome flout Vista security zones?”

  1. hahaha Says:
    September 5th, 2008 at 10:30 am

    btw i am hahaha and it took killing it 3 tiems before it decided to stay away, and yes entry is still in registry being watched.

    AND that was on XP

  2. Mostly Harmless Says:
    September 5th, 2008 at 7:22 pm

    Shit can be made to shine like Chrome…

  3. Robert Chapin Says:
    September 9th, 2008 at 10:41 am

    In XP, Chrome seems to install at %userprofile%\Local Settings\Application Data\Google\Chrome\

    Among other things, this means HKML…Run is the wrong registry key to start up the GoogleUpdate process.

Leave a Reply

Please no Spam, flaming (attacking others), trolling, and posting off-topic. Thanks.

    Advertisements
TekSavvy


Remove Spyware with AntiSpyware for Windows®