More Google Chrome Vulnerabilities emerge

Martin — Thu, 11 Sep 2008 07:17:24 +0000

It has been about a week since the initial release of Google’s long awaited browser which marked Google’s entry into the browser market. The launch created buzz especially on the Internet where blogs and news portals raced to be the first to post interface screenshots, tests and reviews about Google Chrome.

Even the mainstream media picked the story up. It was not uncommon to see radio and tv stations report on the new Google Browser.

Just one day after the release the first security vulnerability emerged and others followed suite.

The latest vulnerabilities emerged yesterday with the releases of proof-of-concept exploits for several Google Chrome vulnerabilities. They were kicked of by Ukrainian researchers who discovered a vulnerability that would download files automatically to the users computer. They published three specifically prepared websites that would download files automatically to the user’s computer.

The second vulnerability is making use of a buffer overflow when saving pages which can result in remote code execution on the target system.

The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving a malicious page with an overly long title ( tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users’ systems.</p></blockquote> <p>The discovery of the security vulnerabilities poses an interesting question. Why are that many security vulnerabilities discovered? Is it because the Google Chrome browser is more vulnerable than other browsers or could it be because security researchers worldwide started to flock to the browser in hopes of discovering vulnerabilities?</p> <p>The Google Chrome team <a href="http://blogs.zdnet.com/security/?p=1858">responded</a> to this vulnerabilities already and promised that a patched version of Google Chrome would be available later today.</p> Tags: <a href="http://www.ghacks.net/tag/google/" title="Google" rel="tag">Google</a>, <a href="http://www.ghacks.net/tag/google-browser/" title="google browser" rel="tag">google browser</a>, <a href="http://www.ghacks.net/tag/google-chrome/" title="google chrome" rel="tag">google chrome</a>, <a href="http://www.ghacks.net/tag/google-chrome-vulnerabilities/" title="google chrome vulnerabilities" rel="tag">google chrome vulnerabilities</a>, <a href="http://www.ghacks.net/tag/vulnerabilites/" title="vulnerabilites" rel="tag">vulnerabilites</a><br /> <h4>Related posts</h4> <ul class="st-related-posts"> <li><a href="http://www.ghacks.net/2009/07/10/why-google-chrome-os-will-have-no-huge-impact/" title="Why Google Chrome OS Will Have No Huge Impact (July 10, 2009)">Why Google Chrome OS Will Have No Huge Impact</a> (20)</li> <li><a href="http://www.ghacks.net/2009/05/24/portable-google-browser-google-chrome/" title="Portable Google Browser Google Chrome (May 24, 2009)">Portable Google Browser Google Chrome</a> (40)</li> <li><a href="http://www.ghacks.net/2009/05/14/one-step-closer-to-extension-support-in-google-browser/" title="One Step Closer To Extension Support In Google Browser (May 14, 2009)">One Step Closer To Extension Support In Google Browser</a> (2)</li> <li><a href="http://www.ghacks.net/2008/09/01/google-enters-the-browser-market-with-google-chrome/" title="Google Enters The Browser Market With Google Chrome (September 1, 2008)">Google Enters The Browser Market With Google Chrome</a> (10)</li> <li><a href="http://www.ghacks.net/2009/08/06/google-chrome-theme-website-live/" title="Google Chrome Theme Website Live (August 6, 2009)">Google Chrome Theme Website Live</a> (3)</li> </ul> </article> </main></body></html>

gHacks technology news » vulnerabilites

More Google Chrome Vulnerabilities emerge