Google Chrome is slowly becoming one of the favorite browser of internet users worldwide but this news may damper the enthusiasm you guys are feeling for Google’s latest browser.
A security evangelist from Kaspersky Lab, Ryan Narraine, reports that Google Chrome also inherited a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering.
Aviv Raff, the Security Expert that first discovered this flaw, even setup a harmless demo of the exploit. (Note: This page will automatically download a Java file onto your desktop) You can safely click on the download, as it only opens up a notepad application written in Java.
They say that Google Chrome is vulnerable to carpet bombing attacks. All it takes is two click to plant the malware on Windows desktop. The problem here is that, after a user double-clicks the download at the bottom of the screen, this application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user machine. The embarassing part for Google is that they emphasize the security in Chrome…
Apple already pathed Webkit against the carpet bombing issue when they release Safari 3.1.2. However, Google is using an older version of Webkit as the basis for Chrome.
This exploit will only work because of the social engineering behind it, this will trick users who are not yet familiar with Chromes interface into believing that the download is only a part of the webpage.
Ok, this may be the first flaw you hear about Google, let’s just hope that they build a patch for it faster than Apple did. These type of news dampens the enthusiasm people are feeling toward Google Chrome.
Related posts:
- Google Offers Chromes First Update
Google’s Chrome Web Browser was released earlier this month and Chrome’s first update s now...
- iPhone Security Flaw
If you think that your private information are safe in your iPhone and nobody can...
- Google Chromes Strangely Obvious Ancestry
Googles just launched their new open source web browser called Google Chrome and it is...
- New Open Source Web Browser called Google Chrome
Google will be releasing a new open source web browser, they call it Google Chrome....
- Chrome for the Android says Google Co-Founder
Google’s new open source browsers is for PC’s today but Google co-founder Sergey Brin believes...
- Great Things About Google’s Chrome
Google Chrome is already making a name, why? because it probably have some of the...
- Google Chrome OS is Official
After nine months since Google released the Google Chrome Browse, Google today (July 7,2009)0 announced...
- WordPress 2.8.4 Security Update
WordPress development team issued a Security Update after a discovery of a vulnerability involving a...
- Google Android 1.0 SDK Now Available
Following the release of the first Android-based phone – the T-Mobile G1- Google Android’s 1.9...
- Google Fixes “Jailbreaked” G1′s in Their Next Update
It only took Google a few days to find the vulnerability that hackers exploited to...
