gHacks Technology News | Latest Tech News, Software And Tutorials » google chrome security vulnerability http://www.ghacks.net A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Sat, 11 Feb 2012 09:52:46 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Google Chrome Security Vulnerabilityhttp://www.ghacks.net/2008/09/03/google-chrome-security-vulnerability/ http://www.ghacks.net/2008/09/03/google-chrome-security-vulnerability/#comments Wed, 03 Sep 2008 21:41:19 +0000 Martin Brinkmann http://www.ghacks.net/?p=6748 Now this did not take long. Only one day after releasing a first public beta version of Google Chrome researchers at Kaspersky discovered (Thanks Neil for sending the tip) a security vulnerability that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. Apple fixed the vulnerability in Safari back in July after two months of doing nothing about it and it will be interesting to see how fast Google will react to the security vulnerability.

The reason why this vulnerability is still working in Google Chrome is because Google has been using an older version of Webkit for their browser’s core. First of all, users without Java on their computers are completely safe. Users with Java and Chrome installed should read on.

The problem is serious but requires the user’s action to be triggered. If the user clicks on a specifically prepared download the file downloads and executes itself automatically without further user input.

Security expert Aviv Raff has setup a demo website that demonstrates the vulnerability in Google Chrome. The demonstration page provides a download button which will download and execute a Java file immediately without further user interaction. This demo only opens a notepad application but serious harm could be done with such an exploit.

]]> http://www.ghacks.net/2008/09/03/google-chrome-security-vulnerability/feed/ 22