Chrome tarnished by early flaws
Just a few days after public release, vulnerabilities in Google’s Chrome browser have already been publicised. Ramifications of an attack could range from an application crash to remote malware installation.
The first vulnerability was found on Wednesday by researcher Aviv Raff, who discovered that the browser was open to a highly-publicised ‘carpet bombing’ attack first found in Safari. The Safari hole was patched earlier this year, but because Chrome uses Apple’s WebKit software, the flaw has reappeared in the Google browser.
A proof of concept page was published demonstrating how an attacker could embed malicious code on a web page and then use it to conduct a remote malware installation with a separate specially-crafted Java applet.
Then researchers Rishi Narang and JanDeMooij posted separate reports of a vulnerability in the browser’s chromium.dll component that was exposed through the browser’s URL bar. The flaw can be made to cause an application crash, though neither report mentioned the possibility of remote code execution.
Loading ...
I have used Chrome a fair few times, and am less than impressed with its layout. After being used to traditional setups such as IE, and Firefox (which is my favourite). I actually found (in my tests) that Chrome was sometimes slower. Textpages are fast, but media pages take a fraction longer.
I also didn’t like Google’s privacy statements so reverted back to Firefox.