Now this did not take long. Only one day after releasing a first public beta version of Google Chrome researchers at Kaspersky discovered (Thanks Neil for sending the tip) a security vulnerability that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. Apple fixed the vulnerability in Safari back in July after two months of doing nothing about it and it will be interesting to see how fast Google will react to the security vulnerability.
The reason why this vulnerability is still working in Google Chrome is because Google has been using an older version of Webkit for their browser’s core. First of all, users without Java on their computers are completely safe. Users with Java and Chrome installed should read on.
The problem is serious but requires the user’s action to be triggered. If the user clicks on a specifically prepared download the file downloads and executes itself automatically without further user input.
Security expert Aviv Raff has setup a demo website that demonstrates the vulnerability in Google Chrome. The demonstration page provides a download button which will download and execute a Java file immediately without further user interaction. This demo only opens a notepad application but serious harm could be done with such an exploit.
Related posts:
- Google Chrome Address Spoofing Vulnerability
- Google Chrome 2 Security Update
- More Google Chrome Vulnerabilities emerge
- Google Chrome 4 Security Update
- Google Chrome Anonymizer
- Google Chrome And Firefox Extensions Differences
- New Google Mail Security Vulnerability Emerges
- Java Security Update Released
Way before you, I’ve already got a google chrome user only link on my site xDDD
Is it just me or is the fact that Chrome works outside of “Program Files” a HUGE security flaw? (Check my link to my blog)
Cheers,
/Magnus
it looks simple & faster than other browser but sad to know about the Vulnerabilities
Thanks for mentioning me :)
there are so many advantages and features with Chrome, such as it’s speed, for example; now if only they would take care it’s quirky cookie management…
one more feature is Chrome gets fixes silently downloads and installs
Chrome will be able to compete in more decent terms than Firefox was ever to do against IE.
Chrome rules, it is like Firefox, but with better minds behind. I hope FF disappears and every effort is set up to continue the good line of Chrome.
Hello Dear,
very smart..
Hey everybody, i was wondering if there is a way of disabeling or cracking the A10 version of Bios of a dell computer from the guess account. I tried this comand from Dos-promp
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
and exit but dost seem to work from the guess account.
Anybody has an Idea let me know ,
thanks
When was d last time dis page was updated.??
Has google still not fixd d prob?? probs rather..
Does anybody know of a downloadable patch for this? thanks