Do not use Google Chrome

By White Cuban
in Web Browser Discussion & Support

 Share

Recommended Posts

Proficient

darkmanx21

Posted
Posted

Did we already not know this? I mean it's beta, it's going to have gaping flaws everywhere. It's still a little stupid to release something with such a huge hole though. More like irresponsible considering this is Google, right? Because when they mess up, it's cool. When others mess up it's a media frenzy.

I don't think this is going to be easy for Google by any means. Other browsers are better Maxthon, IE, Firefox, Opera..why the huge fuss over this? Those browsers do everything and more so why would I take a step back? My two cents. It will probably take years before it makes it out of Beta. :D

Veteran

White Cuban

Posted
  • Author
Posted
Did we already not know this? I mean it's beta, it's going to have gaping flaws everywhere. It's still a little stupid to release something with such a huge hole though. More like irresponsible considering this is Google, right? Because when they mess up, it's cool. When others mess up it's a media frenzy.

I don't think this is going to be easy for Google by any means. Other browsers are better Maxthon, IE, Firefox, Opera..why the huge fuss over this? Those browsers do everything and more so why would I take a step back? My two cents. It will probably take years before it makes it out of Beta. :D

i dont recall any of the browser having such bugs that it seems like they were done in purpose, cmon now, how dumb do you have to be to make the things that it does happen. my guess is dumb as google (which is pretty high up the scale.)

Collaborator

Hello1024

Posted
Posted

This isn't exactly a huge problem, and in fact I'd prefer if google DIDN'T fix it.

The "problem" is that google auto-downloads any file type, rather than popping up copious security warnings like IE does. It's not a serious security problem because it still requires one mouse click to actually run that exe file.

Remember that a malicious file on your PC does no harm as long as it isn't executed, and in this case it requires an explicit mouse click on the chrome gui to make it run, which is just the way it should be.

Grand Master

kjordan2001

Posted
Posted
i like chrome personally,.. but just type :% in the address bar and your entire browser will crash

but i still like chrome

Confirmed on that, wonder what about that makes it crash.

I'm also going into withdrawal anytime I use Chrome for some mouse gestures. I think browsers should have those built in now because they're so handy.

Enthusiast

draakhs

Posted
Posted

So let me get this right. Everyone is going crazy because the browser expects people to have common sense and click for themselves if they want to execute an exe or not? omg please someone call the webpolice.

And the thing that they are allowed to post anything you surf to on the internet is probably so they are able to debug things if they happen. Not to mention google likes playing with ads so could be related to that. I doubt they are going to post your 50 porn sites you surf to a day on the front page of google.

Grand Master

Rob Veteran

Posted
  • Veteran
Posted
This isn't exactly a huge problem, and in fact I'd prefer if google DIDN'T fix it.

The "problem" is that google auto-downloads any file type, rather than popping up copious security warnings like IE does. It's not a serious security problem because it still requires one mouse click to actually run that exe file.

Remember that a malicious file on your PC does no harm as long as it isn't executed, and in this case it requires an explicit mouse click on the chrome gui to make it run, which is just the way it should be.

So let me get this right. Everyone is going crazy because the browser expects people to have common sense and click for themselves if they want to execute an exe or not? omg please someone call the webpolice.

You're missing the point entirely. Browsers should run in a sandboxed environment owing to the nature of the web; allowing files of any kind to be saved to the user's machine without their consent (outside of the designated areas for cookies etc.) is a security flaw and I fail to see how you can think otherwise.

Enthusiast

draakhs

Posted
Posted
You're missing the point entirely. Browsers should run in a sandboxed environment owing to the nature of the web; allowing files of any kind to be saved to the user's machine without their consent (outside of the designated areas for cookies etc.) is a security flaw and I fail to see how you can think otherwise.

Hmm I was replying to the fact Chrome does not refuse exe files but opens a dialog box to check if you want to execute it. To me there is nothing wrong with that.

Which of all these is it? Because I like info on the internet... everyone goes crazy and starts throwing stuff everywhere. Someone in this topic says they execute it without warning, another says they open a dialog box another says they download it without warning without executing it...

Also it's a beta, there have been much bigger flaws in live versions from for example IE.

Grand Master

Rob Veteran

Posted
  • Veteran
Posted
Hmm I was replying to the fact Chrome does not refuse exe files but opens a dialog box to check if you want to execute it. To me there is nothing wrong with that.

Which of all these is it? Because I like info on the internet... everyone goes crazy and starts throwing stuff everywhere. Someone in this topic says they execute it without warning, another says they open a dialog box another says they download it without warning without executing it...

Also it's a beta, there have been much bigger flaws in live versions from for example IE.

Ah, we're talking about different things:

The issue is that with iframes the file can be downloaded onto the desktop of the user. Without any prompts whatsoever. Yes, it won't be opened, but the mere fact that anything is automatically downloaded, particularly an executable file, is a security risk. It's not that I, or the original poster, is suggesting EXE files should be blocked: it's that without any user interaction whatsoever I could construct a page that downloaded twenty EXE files onto the user's desktop, just by visiting. That's poor.

Veteran

ninjamunky

Posted
Posted
its funny how people react to some lame sentence in terms of service.

I'll say... it's as if all these people think they're going to publish some world-changing thesis paper and Google's going to steal it cause they used Chrome.

I think it's funny how paranoid and ignorant everyone is.

Mentor

Dave Diller

Posted
Posted
I'll say... it's as if all these people think they're going to publish some world-changing thesis paper and Google's going to steal it cause they used Chrome.

I think it's funny how paranoid and ignorant everyone is.

IMO it's more than that. If they can apparently have control of what you post when using Chrome...how can they tell that you're using Chrome? Do the log keystrokes or something?

Mentor

wellofsouls

Posted
Posted
Its using the old version of webkit... there is a newer version that this bug is fixed on.

Its the carpet bomb bug people were going crazy about before.

first this has nothing to do with WebKit the rendering engine. WebKit does not handle file downloads. It's the UI shell that decides what to do with a file that the rendering engine don't understand (ie. not web pages).

Second, back when Safari the browser had the carpet bombing exploit, there was no option to stop that. All downloads are automatically with no option to change that. For Chrome just go to Options -> Minor Tweaks -> check "Ask where to save each file before downloading", and you'll be prompted every time a download start.

damn, I was about to test incognito on porn sites

I'll hold off for a while, until they fix it.

well, you can "fix" it yourself, by enabled an option in the Options menu.

It doesn't say the exe is being executed, it is just being downloaded so some user interaction is still required. Don't get me wrong though, I understand how serious of an issue it is.

well combined with an exploit in Windows (which I'm not sure if it's still there) or Java, the downloaded file can be automatically executed.

You'd think Google would've fixed the EXE flaw before releasing this, it's a damn big security hole.

well, I guess Google expected that anyone who wanted to fix it can fix it themselves, by ticking a checkbox in the Options menu. :laugh:

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.