Google Chrome vulnerable to carpet-bombing flaw
Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks. Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables directly from the new browser.
Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome user can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning. In the proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.
The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.
Apple patched the carpet-bombing issue with Safari v3.1.2.
Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.
by Ryan Naraine