Google Chrome vulnerable to carpet-bombing flaw

Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

http://blogs.zdnet.com/security/?p=1843&tag=nl.e539

I started this as a new topic because so many are using the Beta, and I want to get the word out.

And another:

DoS vulnerability hits Google’s Chrome, crashes with all tabs

Rishi Narang from Evil Fingers is typing and releasing a proof of concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs.

http://blogs.zdnet.com/security/?p=1847

Hi marc57,

Well, sorry to hear about the new vulnerabilities. With scandoo pre-scanning and using DrWeb online url checker as a bookmark, you can do a lot here; also we can run webshield in the browser, or privoxy for that matter. The browser’s main flaw is Safari, but it is a strange beast: “Mozilla/5.0 (Windows, U, Windows NT 5.1, en-US) AppleWebKit/525.13 (KHTML, like Gecko /0.2.149.27 Safari.525.13”.
The scanit Browser Security Test was flawless.

polonus

Thanks for sharing Marc… indeed not good news…

Hi Tech,

But what I cannot seem to understand is, who is launching a browser with Safari 525.13 while these flaws were repaired with a newer version of the Safari browser, rather reckless of Google.
I think it is fair to say that with Windows we should run IE (let M$ folks manage the bugs and holes there, it is their cup of tea anyways) and that alternate browsers should run on an Open Software platform where they pose very little threat (Firefox, Flock, Google Chrome).
It is a pity that it is such a big hurdle for the millions to make the switch to Open Software, and when you have a Windows box at home and at work some may think M$ equals the word computing.

polonus

Glad to help Tech.

Well, it is based on Safari’s rendering engine (WebKit), so it makes sense that it will also be vulnerable to some of the same exploits as Safari.