Google's new browser, Chrome, might only be in the beta stage, but that hasn't stopped the hacker community searching it for every possible flaw.
And security researcher Aviv Raff has managed to find a flaw in the system that could allow malicious users to automatically download a file.
A Java JAR file is highlighted when needed for download by fully-working browsers, such as Firefox. But with the version of the WebKit Google used to develop Chrome does not include such a prompt.
Clever hackers
This means clever hackers could use this to launch an attack through Java if users don't know what JAR file they're downloading.
Browsers such as Safari use a newer version of the WebKit and aren't vulnerable to such a flaw...but then Google would just say this is what a beta version is for!
But the main point: remember the new Google Chrome isn't finished, so be ready for the consequences if you download it.
del.icio.us
Digg
reddit!
TechBlips
Facebook
Stumbleupon
Newsvine
Your comments (1) Click to add a new comment
dgerard
September 4th 2008
1. Google's new browser will give you their web and email services, photo processing, mapping, office applications that will run in said browser and will make you a cup of tea. This is all paid for by personally-directed text ads in your tea leaves, based on analysing a DNA sample taken when you sip the tea and sending your genetic code back to Google for future targeting.
http://notnews.today.com/?p=57
Alert a moderator
Tell us what you think
You need to Log in or register to post comments