First Google Chrome vulnerability found - Google Blogoscoped Forum

Forum

First Google Chrome vulnerability found
Philipp Lenssen	Wednesday, September 3, 2008 15 years ago • 5,740 views
<<Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks. Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.>> http://blogs.zdnet.com/security/?p=1843 http://blogoscoped.com/files/google-chrome-security.png
Rohit Srivastwa	15 years ago #
I think the first vuln was the one pointed out by Juha-Matti Laurio @ http://blogoscoped.com/forum/139142.html#id139643 and now we have one more http://www.milw0rm.com/exploits/6355
Ionut Alex. Chitu	15 years ago #
I don't see this as a vulnerability. You already know that Chrome doesn't show dialogs when downloading files, but there's a small box at the bottom of the window that shows the status of your downloads. There's an option to change this behavior.
Brandon Miles	15 years ago #
[moved] [personal attack removed] Google Chrome has 2 very very important security holes. Which can let some bad webmasters upload exe files to your computers without your prompt!! Go ahead and continue loving Google Chrome. When your computer suddenly shuts down and when you realize all your data is gone dont blame anybody but Google Chrome.. go and read www.computersake.com sometimes.. and be aware of that kind of security issues!!!
Philipp Lenssen	15 years ago #
> I don't see this as a vulnerability. What do you mean by "this"? From the article: <<Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser. Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.>> I.e. the report talks about "launching executables".
Ionut Alex. Chitu	15 years ago #
You still need to click on Chrome's button to launch the executable or the Java file. That page "lures" you by using a huge arrow pointed towards Chrome's downloading manager. raffon.net/research/google/chrome/carpet.html
Philipp Lenssen	15 years ago #
I think you're right that the arrow isn't too convincing. Still, I think it is a vulnerability because Google Chrome (using default options) should never, ever allow any webpage to save a file to the user desktop without popping up some dialog first asking for confirmation. Since when are web pages allowed to drop stuff on the desktop? Is that expected behavior by Google?

Advertisement

Blog | Forum more >> Archive | Feed | Google's blogs | About

Advertisement

This site unofficially covers Google™ and more with some rights reserved. Join our forum!