Google Chrome beta comes with security holes
With Google pushing a beta of its new browser Google Chrome on the front page of www.google.com, it was never going to be long before people started locating security problems. First reports show that at least two problems are present, and that the beta isn't ready for production systems.
Security specialist Aviv Raff has a demonstration of one problem. When you visit the page, a file is downloaded without any prompt, and the user is encouraged to click on the download. The file is actually a Java jar file which in the demonstration does nothing more than launch a Java notepad application, but it could of course carry a malicious payload.
The attack appears to combine a vulnerability in Webkit, previously noted in Safari and called Carpet Bomb, with a bug in Java. With the Safari Carpet Bomb, Safari downloaded DLL files to the desktop automatically, and these were, for reasons unknown, automatically executed by Windows at startup. Apple has defused the Carpet Bomb in Safari 3.1.2, but Chrome uses an earlier branch of the Webkit renderer and still has the problem.
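The mitigation for this class of problem is a download policy that never writes a file to disk silently unless the user asked for it and the file is not of a type that runs code. The following C++ is an added example written for this article; it is not Chrome's or Webkit's code. The Content-Disposition parser, the list of executable extensions beyond the jar and dll types named above, and the `userInitiated` flag (standing in for a browser's notion of a user gesture) are all assumptions made here.

```cpp
#include <cctype>
#include <string>

enum class DownloadAction { SaveSilently, PromptUser };

// Pull the file name out of a Content-Disposition header such as
//   attachment; filename="coffee.jar"   or   attachment; filename=coffee.jar
// Returns "" when no filename parameter is present. This is a constructed,
// minimal parser: it does not handle the RFC 5987 filename* form.
std::string filenameFromContentDisposition(const std::string& header) {
    const std::string key = "filename=";
    size_t pos = header.find(key);
    if (pos == std::string::npos) return "";
    size_t start = pos + key.size();
    if (start >= header.size()) return "";
    if (header[start] == '"') {
        size_t end = header.find('"', start + 1);
        if (end == std::string::npos) return "";
        return header.substr(start + 1, end - start - 1);
    }
    size_t end = header.find(';', start);
    std::string name = header.substr(
        start, end == std::string::npos ? std::string::npos : end - start);
    // Strip trailing whitespace left over from an unquoted parameter.
    while (!name.empty() && std::isspace(static_cast<unsigned char>(name.back())))
        name.pop_back();
    return name;
}

// Lower-cased extension after the last '.', or "" when there is none.
std::string fileExtension(const std::string& name) {
    size_t dot = name.rfind('.');
    if (dot == std::string::npos || dot + 1 >= name.size()) return "";
    std::string ext = name.substr(dot + 1);
    for (char& c : ext)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return ext;
}

// File types that execute code when opened. jar and dll are the ones the
// article names; exe, msi and bat are added here as an assumption.
bool isExecutableType(const std::string& ext) {
    return ext == "jar" || ext == "dll" || ext == "exe" ||
           ext == "msi" || ext == "bat";
}

// Policy: a download is saved without a prompt only when the user explicitly
// requested it (userInitiated) AND the file is not an executable type.
// Everything a page pushes on its own, and every executable, gets a prompt.
DownloadAction decideDownload(const std::string& contentDisposition,
                              bool userInitiated) {
    std::string name = filenameFromContentDisposition(contentDisposition);
    bool dangerous = isExecutableType(fileExtension(name));
    if (!userInitiated || dangerous) return DownloadAction::PromptUser;
    return DownloadAction::SaveSilently;
}
```

The point of the two-condition rule is that the Carpet Bomb only works because a page can drop a file on disk with no user involvement; once the unrequested case always prompts, the attacker is back to needing a click for every file, which is the behaviour the "prompt for each download" setting in Safari 3.1.2 restores.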
Another problem was found in Chrome's protocol handling, as a demonstration page shows. The protocol handler name ends in a "special" character, and this character causes the handler to crash, taking the whole browser down with it. The failure appears to stem from the protocol handler not being isolated in its own process within Chrome's multi-process architecture.
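Independently of process isolation, a browser should refuse to hand a URL to any protocol handler unless the scheme part matches the grammar RFC 3986 actually allows, which is the check the crash above suggests was missing. The C++ below is an added example written for this article, not Chrome's code; `shouldDispatchToHandler` is a hypothetical gatekeeper standing in for the point where a browser would otherwise look up and invoke a handler.

```cpp
#include <cctype>
#include <string>

// RFC 3986, section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
// Returns true only if 'scheme' matches that grammar exactly. An empty
// string, a leading digit, whitespace, control bytes, non-ASCII bytes or a
// stray symbol at the end are all rejected before any handler is consulted.
bool isValidScheme(const std::string& scheme) {
    if (scheme.empty()) return false;
    unsigned char first = static_cast<unsigned char>(scheme[0]);
    if (!std::isalpha(first)) return false;
    for (size_t i = 1; i < scheme.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(scheme[i]);
        if (std::isalnum(c) || c == '+' || c == '-' || c == '.') continue;
        return false;
    }
    return true;
}

// The scheme portion of a URL is everything before the first ':'.
// Returns "" when there is no ':' so that the caller rejects the input.
std::string extractScheme(const std::string& url) {
    size_t colon = url.find(':');
    if (colon == std::string::npos) return "";
    return url.substr(0, colon);
}

// Hypothetical dispatch gate (assumption, not a browser API): a URL whose
// scheme fails the grammar check is dropped instead of reaching a handler,
// so a malformed name can never become the handler's problem to crash on.
bool shouldDispatchToHandler(const std::string& url) {
    return isValidScheme(extractScheme(url));
}
```

Note the unsigned char casts before calling the ctype functions: passing a negative char (any byte above 0x7F) to `isalpha` or `isalnum` is undefined behaviour, which is exactly the kind of input this validator is meant to reject rather than choke on.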
- Wanna get some free Chrome coffee?, Exploit by Aviv Raff
- Google Chrome Browser Vulnerability, Exploit by Rishi Naran