Google Blogoscoped

Forum

First Google Chrome vulnerability found

Philipp Lenssen [PersonRank 10]

Wednesday, September 3, 2008
11 years ago4,946 views

<<Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.>>

blogs.zdnet.com/security/?p=18 ...


blogoscoped.com/files/google-c ...

Rohit Srivastwa [PersonRank 10]

11 years ago #

I think the first vuln was the one pointed out by Juha-Matti Laurio @ blogoscoped.com/forum/139142.h ...

and now we have one more milw0rm.com/exploits/6355

Ionut Alex. Chitu [PersonRank 10]

11 years ago #

I don't see this as a vulnerability. You already know that Chrome doesn't show dialogs when downloading files, but there's a small box at the bottom of the window that shows the status of your downloads. There's an option to change this behavior.

Brandon Miles [PersonRank 0]

11 years ago #

[moved]

[personal attack removed] Google Chrome has 2 very very important security holes. Which can let some bad webmasters upload exe files to your computers without your prompt!! Go ahead and continue loving Google Chrome. When your computer suddenly shuts down and when you realize all your data is gone dont blame anybody but Google Chrome..

go and read www.computersake.com sometimes.. and be aware of that kind of security issues!!!

Philipp Lenssen [PersonRank 10]

11 years ago #

> I don't see this as a vulnerability.

What do you mean by "this"? From the article:

<<Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.>>

I.e. the report talks about "launching executables".

Ionut Alex. Chitu [PersonRank 10]

11 years ago #

You still need to click on Chrome's button to launch the executable or the Java file. That page "lures" you by using a huge arrow pointed towards Chrome's downloading manager.

raffon.net/research/google/chrome/carpet.html

Philipp Lenssen [PersonRank 10]

11 years ago #

I think you're right that the arrow isn't too convincing. Still, I think it is a vulnerability because Google Chrome (using default options) should never, ever allow any webpage to save a file to the user desktop without popping up some dialog first asking for confirmation. Since when are web pages allowed to drop stuff on the desktop? Is that *expected* behavior by Google?

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!