Google Chrome is slowly becoming one of the favorite browsers of internet users worldwide, but this news may dampen the enthusiasm you guys are feeling for Google's latest browser.
Ryan Naraine, a security evangelist at Kaspersky Lab, reports that Google Chrome inherited a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining the WebKit flaw with a known Java bug and some smart social engineering.
Aviv Raff, the security expert who first discovered this flaw, even set up a harmless demo of the exploit. (Note: This page will automatically download a Java file onto your desktop.) You can safely click on the download, as it only opens a notepad application written in Java.
They say that Google Chrome is vulnerable to carpet bombing attacks. All it takes is two clicks to plant the malware on a Windows desktop. The problem here is that, after a user double-clicks the download at the bottom of the screen, the application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user's machine. The embarrassing part for Google is that they emphasize security in Chrome…
Apple already patched WebKit against the carpet bombing issue when they released Safari 3.1.2. However, Google is using an older version of WebKit as the basis for Chrome.
This exploit only works because of the social engineering behind it: it tricks users who are not yet familiar with Chrome's interface into believing that the download is just a part of the webpage.
Ok, this may be the first flaw you hear about Google; let's just hope that they build a patch for it faster than Apple did. This kind of news dampens the enthusiasm people are feeling toward Google Chrome.









