Security flaw exposed in Google Chrome

Chrome was developed using an older version of the same open-source WebKit rendering engine used by Apple’s Safari web browser, which allows files to be automatically downloaded to a desktop without the user’s permission.

This means that malicious code can find its way onto a desktop in a ‘carpet-bomb attack’.

Google have denied the severity of the flaw, indicating that files would be downloaded into a particular folder.

According to a spokesperson for Google, some Windows Vista users had experienced files being downloaded onto their desktop, but that this was easily remedied by changing computer preferences.

The flaw was discovered by researcher Aviv Raff who commented that it was ‘very problematic.’

"They'll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time," Raff said.

Google have not revealed whether they will make any changes to Chrome, or upgrade to the more recent version of WebKit, which would assist in mitigating the problem with a dialogue box that asks the user if they would like to download each file.

Another less serious flaw in the browser was discovered by security researcher Rishi Narang, who found that a hacker could build a malicious link, which if clicked by a user, could cause Chrome to crash.

What’s Hot on Infosecurity Magazine?