ghacks Technology News

Google Chrome Security Vulnerability

Now this did not take long. Only one day after releasing a first public beta version of Google Chrome researchers at Kaspersky discovered (Thanks Neil for sending the tip) a security vulnerability that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. Apple fixed the vulnerability in Safari back in July after two months of doing nothing about it and it will be interesting to see how fast Google will react to the security vulnerability.

The reason why this vulnerability is still working in Google Chrome is because Google has been using an older version of Webkit for their browser’s core. First of all, users without Java on their computers are completely safe. Users with Java and Chrome installed should read on.

The problem is serious but requires the user’s action to be triggered. If the user clicks on a specifically prepared download the file downloads and executes itself automatically without further user input.

Security expert Aviv Raff has setup a demo website that demonstrates the vulnerability in Google Chrome. The demonstration page provides a download button which will download and execute a Java file immediately without further user interaction. This demo only opens a notepad application but serious harm could be done with such an exploit.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.

Related Articles:

Google Chrome Address Spoofing Vulnerability
Google Chrome Stable Security Update April 2011
Google Chrome 2 Security Update
Java Update Addresses Critical Security Vulnerability
Google Chrome Stable Security Update



About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Author: , Wednesday September 3, 2008 -
Tags:, , , , ,


Responses so far:

  1. darkkosmos says:

    Way before you, I’ve already got a google chrome user only link on my site xDDD

  2. Is it just me or is the fact that Chrome works outside of “Program Files” a HUGE security flaw? (Check my link to my blog)

    Cheers,

    /Magnus

  3. it looks simple & faster than other browser but sad to know about the Vulnerabilities

  4. WizzKid (Neil) says:

    Thanks for mentioning me :)

  5. film fan says:

    there are so many advantages and features with Chrome, such as it’s speed, for example; now if only they would take care it’s quirky cookie management…

  6. one more feature is Chrome gets fixes silently downloads and installs

  7. Chrome will be able to compete in more decent terms than Firefox was ever to do against IE.
    Chrome rules, it is like Firefox, but with better minds behind. I hope FF disappears and every effort is set up to continue the good line of Chrome.

  8. Your Friend says:

    Hello Dear,
    very smart..

  9. Big D says:

    Hey everybody, i was wondering if there is a way of disabeling or cracking the A10 version of Bios of a dell computer from the guess account. I tried this comand from Dos-promp
    -o 70 2e hit enter
    -o 71 ff hit enter
    -q hit enter
    and exit but dost seem to work from the guess account.
    Anybody has an Idea let me know ,
    thanks

  10. Nadir says:

    When was d last time dis page was updated.??
    Has google still not fixd d prob?? probs rather..

  11. Does anybody know of a downloadable patch for this? thanks

Leave a Reply   Follow Ghacks   Subscribe To Comment Rss

Subscribe without commenting

© 2005-2012 Ghacks.net. All Rights Reserved. Privacy Policy - About Us