Google Half-Plugs Chrome Security Holes
The security issue in question refers to the carpet bombing vulnerability that influences several browser packages. The expert to discover the security vulnerabilities within Chrome is Israeli researcher Aviv Raff. He is also the one that says Google did a halfcocked job of fixing the problem.
The proof-of-concept code that Aviv Raff released last month showed how an attacker could be successful by exploiting a vulnerability combo within WebKit and Java. An unsuspecting user can be easily fooled into downloading a JAR file which will be automatically executed without the user being aware of it.
Google has issued a fix, but there is a catch – only developer versions of Chrome can get it. There are of course some users with enough technical skills to get the update anyway, but this does not mean it is available to the general public, the “point and click” type of user.
This is not the first time that Google takes a swing at solving the carpet bombing vulnerability. Their first attempt was back in September, but the “desktop is not the default download location” workaround definitely wasn’t enough. The current fix addresses the manner in which Chrome handles potentially harmful downloads. The way this works is by downloading executable files to “unconfirmed_*.download files” and converting them back to their original name only after the user confirms the download (clicks the Save button). All unconfirmed downloads are automatically deleted when you shut down Google Chrome.
This is where Aviv Raff puts an interesting question: what if the browser crashes and the unconfirmed downloads are not deleted? Keep in mind that the Google Chrome browser is still in its Beta phase, so crashes are expected to happen. If the browser does crash and the files are not deleted, you may end up with malware on your machine.
Tags: Google, Google Chrome, Scurity
Tags: Google, Google Chrome, Scurity
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 23 Jan 2012
The fifth edition of the Doodle 4 Google competition has kicked off and all K-12 students in the US are invited to take part in contest
By George Norman on 02 Sep 2011
Good news for users who were waiting for the stable version of Non-Admin Google Chrome Frame to be released: Google announced earlier this week that Non-Admin Google Chrome Frame has 
By George Norman on 16 Dec 2011
Earlier this week, Mountain View-based search engine giant Google announced that version 16.0 of its Chrome web browser graduated from the Beta to the Stable Channel. I remind you that Google 
By George Norman on 25 Jan 2012
People keeping track of these things will remember that back in the autumn of 2010 Google trimmed its privacy policies, that Google simplified and updated its privacy policies. Despite this fact, Google still has some Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Google Half-Plugs Chrome Security Holes
HTML Linking Code
HTML Linking Code