Security flaw exposed in Google Chrome

05 September 2008

Fresh after Google’s tenth birthday, the entrepreneurial company is facing reports that its new browser, Chrome, contains a security flaw, just a day after its release in beta.

Chrome was developed using an older version of the same open-source WebKit rendering engine used by Apple’s Safari web browser. That older version allows files to be downloaded automatically to a desktop without the user’s permission.

This means that malicious code can find its way onto a desktop in a ‘carpet-bomb attack’.

Google have played down the severity of the flaw, indicating that files would be downloaded into a particular folder.

A spokesperson for Google said that some Windows Vista users had experienced files being downloaded onto their desktop, but that this was easily remedied by changing computer preferences.

The flaw was discovered by researcher Aviv Raff, who commented that it was ‘very problematic’.

"They'll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time," Raff said.

Google have not revealed whether they will make any changes to Chrome, or upgrade to the more recent version of WebKit, which would assist in mitigating the problem with a dialogue box that asks the user if they would like to download each file.

Another, less serious flaw in the browser was discovered by security researcher Rishi Narang, who found that a hacker could build a malicious link which, if clicked by a user, could cause Chrome to crash.

 
