Vulnerability Exposed in Google Chrome Beta

News
By published

Every piece of software on the planet is subject to its share of bugs and flaws at some point in time. It is part of human nature to make mistakes, in this situation it is in the lines of software code. Equally, Internet Explorer, Mozilla and Safari have seen their fair share of interesting ‘features’. It is only expected to see the same thing happen with Chrome, Hence the reason why it is in public Beta stages at this point.

A few hours after the launch of the Chrome public Beta, security researcher Aviv Raff found a hole in the new browser. The new found flaw targets an older version of the WebKit rendering engine. Apple’s latest Safari release uses a newer version of WebKit which is immune from this specific flaw, however Chrome does not.

Aviv Raff has publicized a ‘proof-of-concept’ demonstration showcasing this vulnerability. The demonstration causes Firefox to prompt its users of a Java JAR file download. In Chrome, the file is automatically downloaded without any prompting to the users desktop. Malicious programmers with some good con-artist skills could easily use this vulnerability to trick users in to executing the Java application. The possibilities with what the Java does are endless at this point, just use your imagination.

Raff’s demonstration uses a simple Java based text editing application. You can view the demonstration here.

ZDNet also mentioned that this vulnerability could be used to execute a ‘combo attack’ through an un-patched Internet Explorer flaw. Raff had already spoke of this flaw in relation to Safari back in the last quarter of May. He has not yet released the details, however.

More about google chrome

Google tools required for classwork are allegedly being used to build data profiles of each student

Google may be forced to sell its Chrome browser due to monopoly complaints — potential $20 billion sale if approved by a judge

Nvidia pitches Star Wars vs. Star Trek fans in May The Fourth RTX 5090 competition
See more latest
5 Comments Comment from the forums
  • spaztic7
    IT'S A FREAKING BETA VERSION!!!!

    Google said themelves that they are not done with it yet. When they get a final version, we should test that to see if it has the same issues.
    Reply
  • exiled scotsman
    spaztic7IT'S A FREAKING BETA VERSION!!!!Google said themelves that they are not done with it yet. When they get a final version, we should test that to see if it has the same issues.
    GET A FREAKING CLUE!!!!

    That doesn't mean people shouldn't look at it and reveal bugs and security flaws to the Chrome team. Thats how a buggy, insecure Beta becomes a stable final version. Much better to have thousands of eyes looking for flaws then maybe less than a hundred or whatever the size of the chrome team is.
    Reply
  • spaztic7
    I agree with you about that... other then the get a clue part. It is not that THG posted this, but they are the only ones I can post on.

    It bothers me that people will say that it is bad or this is a big problem when this isn't a final release candidate yet. Yes troubleshooting needs to be done and the best way to do it is by giving it to the masses. I understand that. But don't make a big deal out of a test version. If we did that, then when Google had a basic copy of Android (before the new GUI and further update/grades to it), no one would get it because it was so basic and nothing really did anything special. I think people should recognize that there are current issues but not worry about it or report it like this will always be there.

    But like you siad, people should look at it and reveal bugs and security flaws to the Chrome Team. Why is it news? We all knew this would be there because of the toolkit they used to build it. Once they update the toolkit to the newest version, the issue is gone.


    Oh, wow.... I think I ranted to long :P . Anywho, I still like it. But that’s the great things in life, we can choose what we like and don’t.


    Good luck!
    Reply
  • Technologies8
    it is a big deal to use older vulnerable coding to beta test as some users will run into those malicious attacks and be left stranded thanks to the developer not using the latest possible security fixes

    ive run the chrome and some flash sites cause the CPU to go 100% and i cant close any of the browser or open task manager to end anything
    a flaw with implemented shockwave on the beta
    Reply
  • spaztic7
    Ahh... I do think it is strange they did use the newest toolkit, but what are you ganna do?

    Did you try to use Chrome task manager to close the operation?
    Reply
Most Popular
Nvidia MayThe4thBeWithYou GPU competition
Nvidia pitches Star Wars vs. Star Trek fans in May The Fourth RTX 5090 competition
Gigabyte RTX 5060/Ti lineup
GPUs with 8GB of VRAM in 2025 are 'like bringing a butter knife to a gunfight' reckons Grok AI
WD Black SN850X 8TB SSD
Amazon lists the unannounced WD Black SN8100 with 14.9 GB/s reads for $225 (1TB)
Neuralink BCI implant
Brain interface used to edit YouTube video — paralyzed Neuralink patient also uses AI to narrate with his own voice
Microsoft Surface Laptops
More compact Arm variants of Microsoft Surface Pro and Laptop lines leaked
Zotac RTX 5060 Series
Nvidia RTX 5060 Ti 8GB loses up to 10% performance when using PCIe 4.0
Cerabyte glass and ceramic storage media
Storage device boiled in salt water, then grilled in an oven as proof of durability — Cerabyte's glass storage media claimed to be ultra-rugged
Intel Xeon CPU
Dynatron coolers support up to 660W for Intel Diamond Rapids and AMD Venice CPUs
Minecraft
Minecraft runs on 8MB of VRAM using a 20-year-old GPU
Intel Arc Battlemage B580 and B570
Intel Arc Xe3 Celestial GPU enters pre-validation stage