Pureoverclock: PC Hardware reviews and news for overclockers!

 
 
 
 
 

More info on early Goolge Chrome vulnerabilities

0
Posted September 4, 2008 by admin in News

One vulnerability would allow hackers to crash the browser. Security researcher Rishi Narang described the issue on the SecuriTeam Web site and posted a proof of concept at Evilfingers. According to Narang, a hacker could build a malicious link that includes an undefined handler followed by a certain character. When a user clicks on the link, Chrome crashes.

Another, potentially more serious vulnerability could result in Chrome users downloading malicious code. The problem is due, in part, to the fact that Google uses an older version of WebKit, the open-source browser technology also used in Apple’s Safari browser, that includes the vulnerability.

Discovered by researcher Aviv Raff, the problem lies in the way Chrome downloads files and the way Windows handles the downloaded files, he said.

Chrome’s default setting downloads files into a folder. It then displays a download bar at the bottom of the browser page. Users click on the bar to open the file. If the file is an executable, Windows displays a warning, which can help users avoid inadvertently downloading malicious code.



0 Comments



Be the first to comment!


Leave a Response

(required)


Find us on Google+