Are so many Google Chrome security vulnerabilities coming to light because it is less secure than other web browsers? Or is it because everyone is putting more effort into finding vulnerabilities in it because it is Google’s browser? Whatever the reason, no week passes without the discovery of a new security vulnerability in Google Chrome.
The latest security vulnerability was discovered by researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing, who found a way to spoof the address shown in the browser’s address bar. His proof-of-concept demonstration makes use of a button and JavaScript. A user pressing the button will see the URL change in the browser’s address bar. A look at the source code, however, reveals that the user is still on the same site and not at the website shown in the address bar.
The flaw could be used to display a PayPal button (or Google Checkout) on a website that would lead to a fake website where the user’s login credentials could be easily phished.
Google will release an end user update soon that will fix the security vulnerability. The only safe thing to do until then is either to switch to Dev Channel builds, which already include a fix, or to stop using Google Chrome until the security vulnerability has been patched.
One could think that other browsers based on WebKit are vulnerable as well. According to Liu Die Yu, however, this is not the case; he attributed the security vulnerability to code added by Google developers.

