RSS Alerts

Related Stories

  • Now Koobface creates its own malicious web pages
    Koobface - the long-running worm which first appeared 12 months ago - is being customised by hackers to crack security systems on website hosting services, and so allow it to auto-create its own web pages.
  • Batten down the hatches
    Due to the horrifying quantity of vulnerabilities, and often limited time and budget, application and database security can be quite a headache. Limiting privileges and access, however, is a good place to start, finds Danny Bradbury
  • Leaving a trace
    IT forensics is seen by many in the industry as something of a black art. But it's actually a highly professional discipline, with professional software to assist, as Steve Gold discovers
  • German government asks its internet users to switch from Explorer
    The escalating saga of Google and its strained relations with China took an unexpected turn over the weekend with the German government – in what it calls an unprecedented move – warning internet users to stop using Internet Explorer because of security risks.
  • Zero Day of the Dead
    The data load that has accompanied the globalization of trade would make even Atlas stagger. And that’s without the added burden of counter-terrorisAs you read this, zombie programs are flitting across the internet like a pestilence to infect and drain the life from innocent computer systems. Yet, for all the aggravation and grief they cause, you may never know you are part of a global invasion of the system snatchers, says William Knight. Unless…

News

Security flaw exposed in Google Chrome

05 September 2008

Fresh after Google’s tenth birthday, the entrepreneurial company is facing reports that its new browser, Chrome, contains a security flaw, just a day after its release in beta.

Chrome was developed using an older version of the same open-source WebKit rendering engine used by Apple’s Safari web browser, which allows files to be automatically downloaded to a desktop without the user’s permission.

This means that malicious code can find its way onto a desktop in a ‘carpet-bomb attack’.

Google have denied the severity of the flaw, indicating that files would be downloaded into a particular folder.

According to a spokesperson for Google, some Windows Vista users had experienced files being downloaded onto their desktop, but that this was easily remedied by changing computer preferences.

The flaw was discovered by researcher Aviv Raff who commented that it was ‘very problematic.’

"They'll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time," Raff said.

Google have not revealed whether they will make any changes to Chrome, or upgrade to the more recent version of WebKit, which would assist in mitigating the problem with a dialogue box that asks the user if they would like to download each file.

Another less serious flaw in the browser was discovered by security researcher Rishi Narang, who found that a hacker could build a malicious link, which if clicked by a user, could cause Chrome to crash.

 

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water