<<Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.
Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.>>
http://blogs.zdnet.com/security/?p=1843
http://blogoscoped.com/files/google-chrome-security.png |
I think the first vuln was the one pointed out by Juha-Matti Laurio @ http://blogoscoped.com/forum/139142.html#id139643
and now we have one more http://www.milw0rm.com/exploits/6355
|
I don't see this as a vulnerability. You already know that Chrome doesn't show dialogs when downloading files, but there's a small box at the bottom of the window that shows the status of your downloads. There's an option to change this behavior.
|
[moved]
[personal attack removed] Google Chrome has 2 very very important security holes. Which can let some bad webmasters upload exe files to your computers without your prompt!! Go ahead and continue loving Google Chrome. When your computer suddenly shuts down and when you realize all your data is gone dont blame anybody but Google Chrome..
go and read www.computersake.com sometimes.. and be aware of that kind of security issues!!! |
> I don't see this as a vulnerability.
What do you mean by "this"? From the article:
<<Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.
Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.>>
I.e. the report talks about "launching executables". |
You still need to click on Chrome's button to launch the executable or the Java file. That page "lures" you by using a huge arrow pointed towards Chrome's downloading manager.
raffon.net/research/google/chrome/carpet.html |
I think you're right that the arrow isn't too convincing. Still, I think it is a vulnerability because Google Chrome (using default options) should never, ever allow any webpage to save a file to the user desktop without popping up some dialog first asking for confirmation. Since when are web pages allowed to drop stuff on the desktop? Is that *expected* behavior by Google? |