Security flaw discovered in Google Chrome

Today I just installed Google Chrome on my PC and I must say that I love it. It’s very fast (or i should say “insta browsing”), good looking, it has all the good features from Firefox but also there there are some bad news: it has a potentially serious security flaw inherited from the old version of WebKit. This means that an attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering. Aviv Raff,a security expert who discovered the flaw, already has a demo (don’t panic! you can safely click on the download, as it only opens up a notepad application written in Java of the exploit).

The weird fact is that Apple knew about this flaw and already patched WebKit against it when it released Safari 3.2.1 in July and Google pointed widely on the security of Chrome in both the official announcement as well as in today’s live video demo just before the launch.

The exploit behaves like some pop-up ad and it tricks the users into clicking “OK” because the ad mimics a typical system message in Windows, and most of the users not beeing familair with Chrome’s interface they think that the download is actually just part of the web page.

We can only hope that Google speeds the patching up like Apple did with Safari, making it a better and safer browser.

    Sphere It