It has been about a week since the initial release of Google’s long awaited browser which marked Google’s entry into the browser market. The launch created buzz especially on the Internet where blogs and news portals raced to be the first to post interface screenshots, tests and reviews about Google Chrome.
Even the mainstream media picked the story up. It was not uncommon to see radio and tv stations report on the new Google Browser.
Just one day after the release the first security vulnerability emerged and others followed suite.
The latest vulnerabilities emerged yesterday with the releases of proof-of-concept exploits for several Google Chrome vulnerabilities. They were kicked of by Ukrainian researchers who discovered a vulnerability that would download files automatically to the users computer. They published three specifically prepared websites that would download files automatically to the user’s computer.
The second vulnerability is making use of a buffer overflow when saving pages which can result in remote code execution on the target system.
The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving a malicious page with an overly long title (
tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users’ systems.</p></blockquote> <p>The discovery of the security vulnerabilities poses an interesting question. Why are that many security vulnerabilities discovered? Is it because the Google Chrome browser is more vulnerable than other browsers or could it be because security researchers worldwide started to flock to the browser in hopes of discovering vulnerabilities?</p> <p>The Google Chrome team <a href="http://blogs.zdnet.com/security/?p=1858">responded</a> to this vulnerabilities already and promised that a patched version of Google Chrome would be available later today.</p> <script type="text/javascript"><!-- google_ad_client = "pub-5406364303442190"; /* 234x60, created 2/11/08, ghacks, half, below */ google_ad_slot = "0909006492"; google_ad_width = 234; google_ad_height = 60; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> <br /> <b>Like such posts? Get updates via <a href="http://feeds.feedburner.com/Ghacksnet">RSS NEWS FEED</a>. <font color="red">Love Ghacks?</font> <a href="http://www.ghacks.net/2008/08/20/how-you-can-help-ghacks/">Find out how you can help!</a></b><br /><br /> <div><br /><b>Related Posts</b><br /> <!-- Generated by Simple Tags 1.5.7 - http://wordpress.org/extend/plugins/simple-tags --> <ul class="st-related-posts"> <li><a href="http://www.ghacks.net/2008/11/29/change-the-default-web-browser-in-the-system-tray/" title="Change The Default Web Browser In The System Tray (November 29, 2008)">Change The Default Web Browser In The System Tray</a> (4)</li> <li><a href="http://www.ghacks.net/2008/11/16/rapidshare-links-checker/" title="Rapidshare Links Checker (November 16, 2008)">Rapidshare Links Checker</a> (3)</li> <li><a href="http://www.ghacks.net/2008/11/15/what-will-our-it-and-internet-future-be-like/" title="What will our IT and internet future be like? (November 15, 2008)">What will our IT and internet future be like?</a> (5)</li> <li><a href="http://www.ghacks.net/2008/11/14/google-multi-column-view/" title="Google Multi-Column View (November 14, 2008)">Google Multi-Column View</a> (2)</li> <li><a href="http://www.ghacks.net/2008/11/13/if-google-went-down-what-would-you-do/" title="If Google Went Down What Would You Do? (November 13, 2008)">If Google Went Down What Would You Do?</a> (19)</li> <li><a href="http://www.ghacks.net/2008/11/11/google-reader-automatically-translates-feeds/" title="Google Reader Automatically Translates Feeds (November 11, 2008)">Google Reader Automatically Translates Feeds</a> (1)</li> <li><a href="http://www.ghacks.net/2008/10/30/new-microsoft-design-direction/" title="New Microsoft Design Direction (October 30, 2008)">New Microsoft Design Direction</a> (0)</li> <li><a href="http://www.ghacks.net/2008/10/29/google-chrome-dual-view/" title="Google Chrome Dual View (October 29, 2008)">Google Chrome Dual View</a> (8)</li> <li><a href="http://www.ghacks.net/2008/10/28/access-google-calendar-without-leaving-the-page/" title="Access Google Calendar Without Leaving The Page (October 28, 2008)">Access Google Calendar Without Leaving The Page</a> (11)</li> <li><a href="http://www.ghacks.net/2008/10/28/google-chrome-address-spoofing-vulnerability/" title="Google Chrome Address Spoofing Vulnerability (October 28, 2008)">Google Chrome Address Spoofing Vulnerability</a> (0)</li> </ul> </div> <!-- google_ad_section_end --> </div> </div> <div class="post_control"> <div class="right_social"> </div> <div class="left_social"></div> </div> </div> <div class="clearfix"></div> <!-- You can start editing here. --> <div id="comment_templates"> <div class="comment_count"> <div class="left_c"></div> <div class="right_c"><h2>3 Users Commented In This Post</h2><span class="rssfeed">Subscribe To This Post <a href='http://www.ghacks.net/2008/09/11/more-google-chrome-vulnerabilities-emerge/feed/'>Comment Rss</a> Or <a href="http://www.ghacks.net/2008/09/11/more-google-chrome-vulnerabilities-emerge/trackback/">TrackBack URL</a></span> </div> </div> <div class="entry_comment" id="comment-477086"> <div class="blogger_avatar"></div> <div class="comment_blogger"> <span class="talk_author"><a href='http://www.fromrss.com/?p=502' rel='external nofollow'>fromrss » Deux nouvelles failles pour Google Chrome</a> says: </span> <div class="talk_text"><div id="intelliTXT"><p>[...] : gHack.net [...]</p> </div></div> </div> </div> <div class="clearfix_coms"></div> <div class="entry_comment" id="comment-477106"> <div class="blogger_avatar"></div> <div class="comment_blogger"> <span class="talk_author"><a href='http://www.uploadsblog.com/2008/09/11/google-chrome-emergono-nuove-vulnerabilita/' rel='external nofollow'>» Google Chrome: Emergono nuove vulnerabilità - Uploads Blog.com</a> says: </span> <div class="talk_text"><div id="intelliTXT"><p>[...] Fonte gHacks [...]</p> </div></div> </div> </div> <div class="clearfix_coms"></div> <div class="entry_comment" id="comment-477107"> <div class="blogger_avatar"></div> <div class="comment_blogger"> <span class="talk_author"><a href='http://www.uploadsblog.com/2008/09/11/google-chrome-emergono-nuove-vulnerabilita/' rel='external nofollow'>» Google Chrome: Emergono nuove vulnerabilità - Uploads Blog.com</a> says: </span> <div class="talk_text"><div id="intelliTXT"><p>[...] Fonte gHacks [...]</p> </div></div> </div> </div> <div class="clearfix_coms"></div> <h5>Leave Your Comments Below</h5> <span class="something">Hello, please leave your thought below</span> <form action="http://www.ghacks.net/wp-comments-post.php" method="post"> <div id="comment_area"> <p><input type="text" name="author" id="author" value="" size="22" tabindex="1" /> <label for="author"><small>Name </small></label></p> <p><input type="text" name="email" id="email" value="" size="22" tabindex="2" /> <label for="email"><small>Email (will not be published) </small></label></p> <p><input type="text" name="url" id="url" value="" size="22" tabindex="3" /> <label for="url"><small>Website</small></label></p> <p><textarea name="comment" id="comment" cols="1" rows="10" tabindex="4"></textarea></p> </div> <p style="clear: both;" class="subscribe-to-comments"> <input type="checkbox" name="subscribe" id="subscribe" value="subscribe" style="width: auto;" /> <label for="subscribe">Notify me of followup comments via e-mail</label> </p> <p><input name="submit" type="image" id="s" value="Submit" src="http://www.ghacks.net/wp-content/themes/Ghacks2/images/sbm.gif" alt="submit" /><input type="hidden" name="comment_post_ID" value="6925" /></p> <em>Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times. </em> </form> </div> <div class="next_prepost"> </div> </div> <div id="sidebars"> <!-- google_ad_section_start(weight=ignore) --> <div class="top_sidebar"> </div> <div class="content_sidebar"> <div> <!-- BEGIN STANDARD TAG - 300 x 250 - GHacks.net: ROS - DO NOT MODIFY --> <script type='text/javascript' src='http://script.tailsweep.com/js/2/24/243422_mid_content.js'></script> </div> <div class="widget_sidebar"> <div class="widget_right"> <!-- init sidebar right widget --> <h2>Sponsors</h2> <ul class="sidebar_ul"> <li> <!-- BEGIN STANDARD TAG - 160 x 600 - GHacks.net: ROS - DO NOT MODIFY --> <script type="text/javascript" src="http://ad.yieldmanager.com/st?ad_type=ad&ad_size=160x600§ion=390373"></script><div id='beacon_3033094dae' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://www.ghacks.net/openx-2.6.2/www/delivery/lg.php?bannerid=5&campaignid=6&zoneid=6&cb=3033094dae' width='0' height='0' alt='' style='width: 0px; height: 0px;' /></div><!-- END TAG --> </li> </ul> <h2>Friends</h2> <ul class="sidebar_ul"> <li><a href="http://www.connectedinternet.co.uk/" target="_blank">Connected Internet</a></li> <li><a href="http://www.donationcoder.com/" target="_blank">Donation Coder</a></li> <li><a href="http://www.firefoxmastery.com" target="_blank">Firefox Mastery</a></li> <li><a href="http://freewaregenius.com/" target="_blank">Freeware Genius</a></li> <li><a href="http://www.hackyourday.com/" target="_blank">Hack Your Day</a></li> <li><a href="http://www.raymond.cc" target="_blank">Raymond.CC</a></li> <li><a href="http://www.webinterdit.com/" target="_blank">Webinterdit</a></li> </ul> <h2>Partner Sites</h2> <ul class="sidebar_ul"> <li><a href="http://www.AskVG.com/" target="_blank">AskVG.com</a></li> <li><a href="http://www.fosfor.com/" target="_blank">Fosfor Gadgets</a></li> <li><a href="http://4peeps.com" target="_blank">4 Peeps</a></li> <li><a href="http://joeanderson.co.uk/blog/" target="_blank">Webby's World</a></li> <li><a href="http://gnomeslair.blogspot.com/" target="_blank">Gnome's lair</a></li> <li><a href="http://www.cypherhackz.net/" target="_blank">Malaysia Tech Blog</a></li> <li><a href="http://www.onetipaday.com/" target="_blank">One Tip a Day</a></li> <li><a href="http://windows7news.com/" target="_blank">Windows 7 News</a></li> <li><a href="http://www.worthbookmarking.com/" target="_blank">Worth Bookmarking</a></li> <li><a href="http://www.brothersoft.com/blog/" target="_blank">Brothersoft Blog</a></li> </ul> <h2>Translations</h2> <ul class="sidebar_ul"> <li><a href="http://de.ghacks.net/" target="_blank">Deutsch</a></li> <li><a href="http://cn.ghacks.net/" target="_blank">Chinese</a></li> <li><script type='text/javascript'>var tsId=243422;</script><script type='text/javascript' src='http://script.tailsweep.com/js/analytics.js'></script></li> </ul> <!-- end sidebar right widget --> </div> <div class="widget_left"> <!-- init sidebar left widget --> <h2>Follow This Blog</h2> <p><a href="http://feedproxy.google.com/Ghacksnet" rel="nofollow"><img src="http://feedproxy.google.com/~fc/Ghacksnet?bg=ffffff&fg=000000&anim=0" height="26" width="88" style="border:0" alt="" /></a></p> <h2>Ads</h2> <ul class="sidebar_ul"> <li> <script type="text/javascript"> Vertical1902 = false; ShowAdHereBanner1902 = true; RepeatAll1902 = false; NoFollowAll1902 = true; BannerStyles1902 = new Array( "a{display:block;font-size:11px;color:#888;font-family:verdana,sans-serif;margin:0 4px 10px 0;text-align:center;text-decoration:none;overflow:hidden;}", "img{border:0;clear:right;}", "a.adhere{color:#666;font-weight:bold;font-size:12px;border:1px solid #ccc;background:#e7e7e7;text-align:center;}", "a.adhere:hover{border:1px solid #999;background:#ddd;color:#333;}" ); document.write(unescape("%3Cscript src='"+document.location.protocol+"//s3.buysellads.com/1902/1902.js?v="+Date.parse(new Date())+"' type='text/javascript'%3E%3C/script%3E")); </script> </li></ul> <h2>Popular Articles</h2> <ul class="sidebar_ul"> <li><a href="http://www.ghacks.net/2005/12/09/free-file-host-list-december-2005/">File Host</a></li> <li><a href="http://www.ghacks.net/2007/02/14/list-of-free-music-sites/">Free Movie Sites</a></li> <li><a href="http://www.ghacks.net/2006/05/01/howto-watch-abc-tv-streams-outside-the-usa/">How to watch ABC TV</a></li> <li><a href="http://www.ghacks.net/2008/09/21/save-network-bandwidth/">Network Bandwidth</a></li> <li><a href="http://www.ghacks.net/2007/12/10/ways-to-open-office-docx-documents/">Open Docx</a></li> <li><a href="http://www.ghacks.net/2008/01/04/5-rapidshare-search-engines/">Rapidshare Search</a></li> <li><a href="http://www.ghacks.net/2008/09/21/vista-start-menu/">Vista Start Menu</a></li> <li><a href="http://www.ghacks.net/2005/12/19/watch-tv-with-your-pc/">Watch TV with your PC</a></li> <li><a href="http://www.ghacks.net/2006/08/04/free-web-proxy-list/">Web Proxy</a></li> <li><a href="http://www.ghacks.net/2008/10/02/windows-backup-software-deltacopy/">Windows Backup Software</a></li> <li><a href="http://www.ghacks.net/2008/10/01/windows-vista-theme-customization/">Windows Vista Theme</a></li> </ul> <!-- <ul class="sidebar_ul"> - default sidebar ul with arrow link--> <!-- <ul class="plugins"> - optional sidebar ul with no arrow link --> <!-- init sidebar left widget --> </div> </div> <div class="google_search"> <ul class="sidebar_ul"> <li> <script language="javascript"> zoneIdentifier="9DB78AF03B7E60AB"; var varCheckURL = (("https:" == document.location.protocol) ? "https://" : "http://"); document.write(unescape("%3Cscript src='" + varCheckURL + "adcode.technoratimedia.com/bootstrap/tti.js' type='text/javascript'%3E%3C/script%3E")); </script> </li> </ul> <h2>Site Search</h2> <ul class="sidebar_ul"> <li> <form id="searchform" method="get" action="http://www.ghacks.net"> <div> <input type="text" name="s" id="s" size="50" /><br /> <input type="submit" value="Search" /> </div> </form> </li> </ul> </div> </div> <!-- google_ad_section_end --> <div class="bottom_sidebar"> </div> </div> <div id="footer"> <div id="footer_content"> <div class="footer_right"></div> <div class="footer_left"> <font color="white">©2005-2008 Martin Brinkmann</font> - <a href="http://www.ghacks.net/privacy-policy/" target="_blank">Privacy Policy</a> - <a href="http://www.ghacks.net/about-us/">About Us</a> </div> </div> </div> </div> </div> </div> <!-- start Vibrant Media IntelliTXT script section --> <script type="text/javascript" src="http://ghacks.de.intellitxt.com/intellitxt/front.asp?ipid=7780"></script> <!-- end Vibrant Media IntelliTXT script section --> </body> </html>