Now this did not take long. Only one day after releasing a first public beta version of Google Chrome researchers at Kaspersky discovered (Thanks Neil for sending the tip) a security vulnerability that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. Apple fixed the vulnerability in Safari back in July after two months of doing nothing about it and it will be interesting to see how fast Google will react to the security vulnerability.
The reason why this vulnerability is still working in Google Chrome is because Google has been using an older version of Webkit for their browser’s core. First of all, users without Java on their computers are completely safe. Users with Java and Chrome installed should read on.
The problem is serious but requires the user’s action to be triggered. If the user clicks on a specifically prepared download the file downloads and executes itself automatically without further user input.
Security expert Aviv Raff has setup a demo website that demonstrates the vulnerability in Google Chrome. The demonstration page provides a download button which will download and execute a Java file immediately without further user interaction. This demo only opens a notepad application but serious harm could be done with such an exploit.
Related posts:
Google Chrome Address Spoofing VulnerabilityGoogle Chrome 2 Security Update
More Google Chrome Vulnerabilities emerge
Google Chrome Anonymizer
Google Chrome And Firefox Extensions Differences
Google Releases Google Chrome 3
Google Browser: Google Chrome And Chromium Download
Google Chrome 2.0 released
21 Responses to “Google Chrome Security Vulnerability”
Trackbacks/Pingbacks
-
[...] : gHack.net [...]
-
[...] Security Vulnerabilities – Only one day after being released a security vulnerability was found that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. This is only one of the many bugs that have been found in the recent days. (source) [...]
-
[...] voir comment la communauté des développeurs va se comporter, comment Google va réagir face aux failles de sécurité, et comment le produit va évoluer pour devenir compatibles mutli-plateformes et comment Google va [...]
-
[...] Já apareceu uma vulnerabilidade. [...]
-
[...] There seams to be at least one good reason NOT to start using Chrome… Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...]
-
[...] had actually read about a security threat in Chrome a few days back, which can be traced to its Webkit Engine. But I didn’t pay much [...]
-
[...] ever be completely secure. One day after release of the first public beta, Chrome was found to have a security vulnerability that exploits Webkit and a Java bug. Shortly thereafter, a critical buffer overflow vulnerability was identified by a Vietnamese [...]
-
[...] ever be completely secure. One day after release of the first public beta, Chrome was found to have a security vulnerability that exploits Webkit and a Java bug. Shortly thereafter, a critical buffer overflow vulnerability was identified by a Vietnamese [...]
-
[...] the browser is indeed well-done from a security standpoint, but that doesn’t mean that Google hasn’t had to patch up holes. If Chrome-the-OS is as safe as the browser, it’ll be a point in its favor. But it [...]
-
[...] had actually read about a security threat in Chrome a few days back, which can be traced to its Webkit Engine. But I didn’t pay much [...]
Way before you, I’ve already got a google chrome user only link on my site xDDD
Is it just me or is the fact that Chrome works outside of “Program Files” a HUGE security flaw? (Check my link to my blog)
Cheers,
/Magnus
it looks simple & faster than other browser but sad to know about the Vulnerabilities
Thanks for mentioning me :)
there are so many advantages and features with Chrome, such as it’s speed, for example; now if only they would take care it’s quirky cookie management…
one more feature is Chrome gets fixes silently downloads and installs
Chrome will be able to compete in more decent terms than Firefox was ever to do against IE.
Chrome rules, it is like Firefox, but with better minds behind. I hope FF disappears and every effort is set up to continue the good line of Chrome.
Hello Dear,
very smart..
Hey everybody, i was wondering if there is a way of disabeling or cracking the A10 version of Bios of a dell computer from the guess account. I tried this comand from Dos-promp
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
and exit but dost seem to work from the guess account.
Anybody has an Idea let me know ,
thanks
When was d last time dis page was updated.??
Has google still not fixd d prob?? probs rather..
Does anybody know of a downloadable patch for this? thanks