Author Topic: Google Chrome vulnerable to carpet-bombing flaw  (Read 3459 times)

0 Members and 1 Guest are viewing this topic.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Google Chrome vulnerable to carpet-bombing flaw
« on: September 03, 2008, 05:46:59 PM »
Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.



http://blogs.zdnet.com/security/?p=1843&tag=nl.e539



I started this as a new topic because so many are using the Beta, And I want to get the word out.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #1 on: September 03, 2008, 06:08:41 PM »
And Another:

DoS vulnerability hits Google’s Chrome, crashes with all tabs

Rishi Narang from Evil Fingers is typing and releasing a proof of concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs.

http://blogs.zdnet.com/security/?p=1847
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33437
  • malware fighter
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #2 on: September 03, 2008, 06:46:48 PM »
Hi marc57,

Well sorry to hear about the new vulnerabilities, with scandoo pre-scanning and using DrWeb online url checker as a bookmark, you can do a lot here, also we can run webshield in the browser or privoxy for that matter. The browser's main flaw is Safary, but is a strange beast "Mozilla/5.0 (Windows, U, Windows NT 5.1, en-US) AppleWebKit/525.13 (KHTML, like Gecko /0.2.149.27 Safari.525.13",
the scanit Browser Security Test was flawless,

polonus

« Last Edit: September 03, 2008, 06:55:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #3 on: September 03, 2008, 07:54:08 PM »
Thanks for sharing Marc... indeed not good news...
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33437
  • malware fighter
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #4 on: September 03, 2008, 08:08:50 PM »
Hi Tech,

But what I cannot seem to understand is, who is launching a browser with Safari 525.13 while these flaws were repaired with a newer version of the Safari browser, rather reckless of Google.
I think it is fair to say that with Windows we should run IE (let M$ folks manage the bugs and holes  there, it is their cup of tea anayways) and that alternate browsers should run on an Open Software platform where they pose very little threat (Firefox, Flock, Google Chrome).
It is a pity that it is such a big hurdle for the millions to make the switch to Open Software, and when you have a Windows box at home and at work some may think M$ equals the word computing,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #5 on: September 03, 2008, 08:11:21 PM »
Thanks for sharing Marc... indeed not good news...


Glad to help Tech.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re: Google Chrome vulnerable to carpet-bombing flaw
« Reply #6 on: September 04, 2008, 04:30:12 AM »
Well it is based on Safari's rendering engine (WebKit) so it makes sense that it will also be vulnerable to some of the same exploits as safari
"People who are really serious about software should make their own hardware." - Alan Kay