Google Half-Plugs Chrome Security Holes
Article by George Norman
On 23 Oct 2008
The security issue in question is the carpet bombing vulnerability, which affects several browser packages. The researcher who discovered the security vulnerabilities within Chrome is Israeli researcher Aviv Raff. He is also the one who says Google did a half-cocked job of fixing the problem.

The proof-of-concept code that Aviv Raff released last month showed how an attacker could succeed by exploiting a combination of vulnerabilities in WebKit and Java. An unsuspecting user can easily be fooled into downloading a JAR file, which is then executed automatically without the user being aware of it.

Google has issued a fix, but there is a catch: only developer versions of Chrome can get it. There are of course some users with enough technical skills to get the update anyway, but this does not mean it is available to the general public, the “point and click” type of user.

This is not the first time that Google has taken a swing at solving the carpet bombing vulnerability. Their first attempt was back in September, but the “desktop is not the default download location” workaround definitely wasn’t enough.

The current fix addresses the manner in which Chrome handles potentially harmful downloads. It works by downloading executable files to “unconfirmed_*.download files” and converting them back to their original name only after the user confirms the download (clicks the Save button). All unconfirmed downloads are automatically deleted when you shut down Google Chrome.

This is where Aviv Raff poses an interesting question: what if the browser crashes and the unconfirmed downloads are not deleted? Keep in mind that the Google Chrome browser is still in its Beta phase, so crashes are expected to happen. If the browser does crash and the files are not deleted, you may end up with malware on your machine.
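The crash case Raff raises can be checked from outside the browser. The following is an added example, not code from the article, from Google or from Aviv Raff: it scans a download folder for leftover files matching the name pattern quoted above and labels each by its leading bytes. The function names, the magic-byte check and the sample folder contents are assumptions made for illustration.

```python
import tempfile
import time
from fnmatch import fnmatch
from pathlib import Path

# Name pattern as quoted in the article; the real on-disk name may differ by build.
PATTERN = "unconfirmed_*.download"

# Leading bytes of file types that can run code once renamed (assumed shortlist).
MAGIC = {b"PK\x03\x04": "zip/jar archive", b"MZ": "windows executable"}


def classify(path):
    """Label a file by its leading bytes, independent of its name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return "other"


def find_leftovers(download_dir, min_age_seconds=0, now=None):
    """Return (name, label, age_seconds) for unconfirmed downloads still on disk."""
    now = time.time() if now is None else now
    found = []
    for entry in sorted(Path(download_dir).iterdir()):
        if not entry.is_file() or not fnmatch(entry.name.lower(), PATTERN):
            continue
        age = max(0, now - entry.stat().st_mtime)
        if age >= min_age_seconds:
            found.append((entry.name, classify(entry), int(age)))
    return found


def demo():
    """Build a constructed download folder (sample data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "unconfirmed_1234.download").write_bytes(b"PK\x03\x04constructed")
        (root / "unconfirmed_5678.download").write_bytes(b"MZconstructed")
        (root / "notes.txt").write_bytes(b"confirmed file")
        return [(name, label) for name, label, _ in find_leftovers(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run with the browser closed, any hit is a file that was never confirmed and was not cleaned up at shutdown; `min_age_seconds` can be raised to ignore downloads still in progress.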



Tags: Google, Google Chrome, Security
About the author: George Norman
George is a news editor.