http://digg.com/security/Google_Chrome_exploit_revealed

Well, this is new news, but if you search on Google, you can find more about it.

The main thing is executables can be run without asking the users' permission. While searching Google for this (in Opera) I even clicked on one result and it said "Would you like to install server.exe?"... So don't be searching this in Google Chrome hehe.

Well, I think it's trying to paint something that's not what it actually is. It's just a combination of the old Safari carpet bombing exploit + an exploit in Java. Safari fixed the carpet bombing exploit by providing an option to "ask every time before download" in 3.1.2, while Chrome already has this option right from the start. So technically Chrome has already fixed the carpet bombing exploit, just like Safari 3.1.2; it's IMHO a bit of sensationalism to bring the carpet bombing exploit back here. If you can set the browser to show a prompt before downloading something, then it's already not vulnerable to the carpet bombing exploit.

When I went to that PoC exploit demo, I got a prompt of "wanting to download blah blah?" on which I pressed cancel. The same thing happens for all other browsers.

People are just blowing it out of proportion. It will be fixed in no time.

This is a major problem... luckily not many people know about Chrome yet... and the ones that do are computer savvy enough to avoid malicious sites. But this should be patched right away... and the download pulled until it is. I could right now make a site with an iframe with a malicious download link... pass it around to people... and boom.

I've noticed a disturbing trend... and it started with Firefox betas... and how blindly people ignore such serious holes... throwing the "it's just a beta" excuse around. Well duh... but you'd think before releasing a beta (and all Google stuff is beta) to the mass public something like this wouldn't have happened.

This is a well documented hole and has already been patched with the latest WebKit versions... Google should have updated to this or held off until they could get this version in before releasing it.

True, they should have held off, but I don't see that many webmasters adding iframes with malicious content. Maybe porn/warez sites but not regular sites. People visiting those types of sites should use anti-virus/malware/spyware software anyway.

The problem definitely needs fixed ASAP though.
