Google Half-Plugs Chrome Security Holes
Article by George Norman
On 23 Oct 2008
The security issue in question refers to the carpet bombing vulnerability that influences several browser packages. The expert to discover the security vulnerabilities within Chrome is Israeli researcher Aviv Raff. He is also the one that says Google did a halfcocked job of fixing the problem. The proof-of-concept code that Aviv Raff released last month showed how an attacker could be successful by exploiting a vulnerability combo within WebKit and Java. An unsuspecting user can be easily fooled into downloading a JAR file which will be automatically executed without the user being aware of it. Google has issued a fix, but there is a catch – only developer versions of Chrome can get it. There are of course some users with enough technical skills to get the update anyway, but this does not mean it is available to the general public, the “point and click” type of user. This is not the first time that Google takes a swing at solving the carpet bombing vulnerability. Their first attempt was back in September, but the “desktop is not the default download location” workaround definitely wasn’t enough. The current fix addresses the manner in which Chrome handles potentially harmful downloads. The way this works is by downloading executable files to “unconfirmed_*.download files” and converting them back to their original name only after the user confirms the download (clicks the Save button). All unconfirmed downloads are automatically deleted when you shut down Google Chrome. This is where Aviv Raff puts an interesting question: what if the browser crashes and the unconfirmed downloads are not deleted? Keep in mind that the Google Chrome browser is still in its Beta phase, so crashes are expected to happen. If the browser does crash and the files are not deleted, you may end up with malware on your machine.



Tags: Google, Google Chrome, Scurity
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 17 May 2017
Google once again drew our attention to the fact that the way people watch TV is fundamentally changing. This time, Google highlighted the fact that watching YouTube on a TV screen is on the increase, with 2 out of 3 YouTube viewers saying that they watch YouTube on their TVs.
By George Norman on 21 Jun 2017
Fidget spinners, the toys that the internet loves to hate, have managed to grab Google’s attention. The search engine is offering a virtual fidget on desktop as well as mobile. Simply search for "spinner" and Google Search will bring up a fidget spinner quick answer card.
By George Norman on 27 Apr 2017
The new McAfee has a new mobile app to offer: McAfee Mobile Booster (Boost & Clean). But since the new McAfee isn’t really new, neither is this mobile app. So to get things started, the first important...
By George Norman on 14 Aug 2017
Opera Max, the Android app that uses compression technology to help you save data and get up to 50% more from your data plan, has been discontinued. The app is no longer featured on Opera.com and it’s no longer listed on Google Play.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Google Half-Plugs Chrome Security Holes
HTML Linking Code