Added on 23 Oct 2008(606 Views)
The security issue in question refers to the carpet bombing vulnerability that influences several browser packages. The expert to discover the security vulnerabilities within Chrome is Israeli researcher Aviv Raff. He is also the one that says Google did a halfcocked job of fixing the problem.The proof-of-concept code that Aviv Raff released last month showed how an attacker could be successful by exploiting a vulnerability combo within WebKit and Java. An unsuspecting user can be easily fooled into downloading a JAR file which will be automatically executed without the user being aware of it.
Google has issued a fix, but there is a catch – only developer versions of Chrome can get it. There are of course some users with enough technical skills to get the update anyway, but this does not mean it is available to the general public, the “point and click” type of user.
This is not the first time that Google takes a swing at solving the carpet bombing vulnerability. Their first attempt was back in September, but the “desktop is not the default download location” workaround definitely wasn’t enough. The current fix addresses the manner in which Chrome handles potentially harmful downloads. The way this works is by downloading executable files to “unconfirmed_*.download files” and converting them back to their original name only after the user confirms the download (clicks the Save button). All unconfirmed downloads are automatically deleted when you shut down Google Chrome.
This is where Aviv Raff puts an interesting question: what if the browser crashes and the unconfirmed downloads are not deleted? Keep in mind that the Google Chrome browser is still in its Beta phase, so crashes are expected to happen. If the browser does crash and the files are not deleted, you may end up with malware on your machine.
Don't forget to:
RSSTags: Google, Google Chrome, Scurity
Link to this article:
Add comment:
Software News
Chromium OS Goes Open-Source
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
20 Nov 2009
Office 2010 Beta Downloads Available to the Public
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
20 Nov 2009
Mozilla Releases: Firefox 3.6 Beta 3
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
20 Nov 2009
New Labs Feature for Gmail: Green Robot!
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
20 Nov 2009
Opera Mobile 10 Beta for Windows Mobile Is Out Also
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
19 Nov 2009
Beta Testing is Over, Stable Version of Trillian for iPhone Released
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
19 Nov 2009
Recommended Tools
Registry Booster 2010 Enhanced, deeper and faster error scan performance. Now also in 5 languages! Free Scan
Driver Scanner 2009
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
SpeedUpMyPC 2009
How fast is your PC really running? Turbo-charge your Internet and PC performance here
How fast is your PC really running? Turbo-charge your Internet and PC performance here
Nero Burning ROM
LimeWire Basic
Yahoo! Messenger
Winamp
Mozilla Firefox
eMule
BitComet
iTunes
Google Earth
uTorrent