Vulnerability Exposed in Google Chrome Beta

Every piece of software on the planet is subject to its share of bugs and flaws at some point in time. It is part of human nature to make mistakes, and in this case the mistakes are in lines of software code. Equally, Internet Explorer, Mozilla and Safari have seen their fair share of interesting ‘features’. It is only to be expected that the same happens with Chrome, hence the reason it is in public Beta at this point.

A few hours after the launch of the Chrome public Beta, security researcher Aviv Raff found a hole in the new browser. The newly found flaw targets an older version of the WebKit rendering engine. Apple’s latest Safari release uses a newer version of WebKit which is immune to this specific flaw; Chrome, however, is not.

Aviv Raff has published a ‘proof-of-concept’ demonstration showcasing this vulnerability. The demonstration causes Firefox to prompt its users before downloading a Java JAR file. In Chrome, the file is downloaded automatically to the user's desktop without any prompt. Malicious programmers with some good con-artist skills could easily use this vulnerability to trick users into executing the Java application. The possibilities for what that Java application then does are endless at this point; just use your imagination.

Raff’s demonstration uses a simple Java-based text editing application. You can view the demonstration here.

ZDNet also mentioned that this vulnerability could be used to execute a ‘combo attack’ together with an un-patched Internet Explorer flaw. Raff had already spoken of this flaw in relation to Safari back in the last quarter of May. He has not yet released the details, however.

  • spaztic7
    Google said themselves that they are not done with it yet. When they get a final version, we should test that to see if it has the same issues.
  • exiled scotsman
    spaztic7: "IT'S A FREAKING BETA VERSION!!!! Google said themselves that they are not done with it yet. When they get a final version, we should test that to see if it has the same issues."

    That doesn't mean people shouldn't look at it and reveal bugs and security flaws to the Chrome team. That's how a buggy, insecure Beta becomes a stable final version. Much better to have thousands of eyes looking for flaws than maybe less than a hundred or whatever the size of the Chrome team is.
  • spaztic7
    I agree with you about that... other than the get a clue part. It is not that THG posted this, but they are the only ones I can post on.

    It bothers me that people will say that it is bad or this is a big problem when this isn't a final release candidate yet. Yes troubleshooting needs to be done and the best way to do it is by giving it to the masses. I understand that. But don't make a big deal out of a test version. If we did that, then when Google had a basic copy of Android (before the new GUI and further update/grades to it), no one would get it because it was so basic and nothing really did anything special. I think people should recognize that there are current issues but not worry about it or report it like this will always be there.

    But like you said, people should look at it and reveal bugs and security flaws to the Chrome Team. Why is it news? We all knew this would be there because of the toolkit they used to build it. Once they update the toolkit to the newest version, the issue is gone.

    Oh, wow.... I think I ranted too long :P . Anywho, I still like it. But that’s the great thing in life, we can choose what we like and don’t.

    Good luck!
  • Technologies8
    It is a big deal to use older vulnerable code to beta test, as some users will run into those malicious attacks and be left stranded thanks to the developer not using the latest possible security fixes.

    I've run Chrome and some Flash sites cause the CPU to go to 100%, and I can't close any of the browser or open Task Manager to end anything.
    A flaw with the implemented Shockwave on the beta.
  • spaztic7
    Ahh... I do think it is strange they did use the newest toolkit, but what are you gonna do?

    Did you try to use Chrome task manager to close the operation?