Full Version: Google Chrome Exploits
PricklyPoo
http://digg.com/security/Google_Chrome_exploit_revealed


Well, this is new news, but if you search on Google, you can find more about it.


The main thing is executables can be run without asking the users' permission. While searching Google for this (in Opera) I even clicked on one result and it said "Would you like to install server.exe?"... So don't be searching this in Google Chrome hehe.
Gary7
I have a strong distrust for anything that Google does. I did not like the EULA but it is being rewritten. The product is also still in Beta. I really don't want my searching habits used for ad purposes.
wellofsouls
Quote - (PricklyPoo @ Sep 4 2008, 11:03) *
http://digg.com/security/Google_Chrome_exploit_revealed


Well, this is new news, but if you search on Google, you can find more about it.


The main thing is executables can be run without asking the users' permission. While searching Google for this (in Opera) I even clicked on one result and it said "Would you like to install server.exe?"... So don't be searching this in Google Chrome hehe.

Well, I think it's trying to paint something that's not what it actually is. It's just a combination of the old Safari carpet bombing exploit + an exploit in Java. Safari fixed the carpet bombing exploit by providing an option to "ask every time before download" in 3.1.2, while Chrome already has this option right from the start. So technically Chrome has already fixed the carpet bombing exploit, just like Safari 3.1.2; it's IMHO a bit of sensationalism to bring the carpet bombing exploit back here. If you can set the browser to show a prompt before downloading something, then it's already not vulnerable to the carpet bombing exploit.

When I went to that PoC exploit demo, I got a prompt of "wanting to download blah blah?" which I pressed cancel on. The same thing happens for all other browsers.
supernova_00
People are just blowing it out of proportion. It will be fixed in no time.
blu3f1sh
Besides, look at the version number 0.2.149.27.
shockz
Quote - (supernova_00 @ Sep 4 2008, 08:56) *
People are just blowing it out of proportion. It will be fixed in no time.


This is a major problem... luckily not many people know about Chrome yet... and the ones that do are computer savvy enough to avoid malicious sites. But this should be patched right away... and the download pulled until it is. I could right now make a site with an iframe with a malicious download link... pass it around to people... and boom.

I've noticed a disturbing trend... and it started with Firefox betas... and how blindly people ignore such serious holes... throwing the "it's just a beta" excuse around. Well duh... but you'd think before releasing a beta (and all Google stuff is beta) to the mass public something like this wouldn't have happened.

This is a well documented hole and has already been patched with the latest WebKit versions... Google should have updated to this or held off until they could get this version in before releasing it.
supernova_00
Quote - (shockz @ Sep 4 2008, 09:05) *
This is a major problem... luckily not many people know about Chrome yet... and the ones that do are computer savvy enough to avoid malicious sites. But this should be patched right away... and the download pulled until it is. I could right now make a site with an iframe with a malicious download link... pass it around to people... and boom.

I've noticed a disturbing trend... and it started with Firefox betas... and how blindly people ignore such serious holes... throwing the "it's just a beta" excuse around. Well duh... but you'd think before releasing a beta (and all Google stuff is beta) to the mass public something like this wouldn't have happened.

This is a well documented hole and has already been patched with the latest WebKit versions... Google should have updated to this or held off until they could get this version in before releasing it.

True, they should have held off but I don't see that many webmasters adding iframes with malicious content. Maybe porn/warez sites but not regular sites. People visiting those types of sites should use anti-virus/malware/spyware software anyway.

The problem definitely needs fixed ASAP though.
supernova_00
Could always install a newer snapshot build.

http://build.chromium.org/buildbot/snapshots/