Saturday, September 06, 2008

Security Flaws in Chrome

The techies (myself included) really jumped on Google's new browser, Chrome, as soon as it came out. However, maybe we should have waited for version two or three. I say this due to the new security flaw (a buffer overflow) discovered in Chrome's "Save As" feature. Researchers at the anti-virus company Kaspersky discovered a bug in Chrome's rendering engine, WebKit. The security flaw becomes apparent when Java is installed. Since almost all end-user systems have some form of Java installed, this basically means that just about everyone with Chrome is vulnerable. My rating... I would initially give Google 3 Samurai stars for meticulously studying security before release, but I have to take one back since this discovery. Bottom line... until Google comes out with a fix, don't use the Save As feature unless you are on a trusted site.


UPDATE Sep 5 night GMT+3

I just read a more accurate story from ZDNet. Apparently, this wasn't the first security bug in Chrome. Not only that, Google has removed the link to download it from their main Google splash page! That's a testament to the seriousness of the problem.
The ZDNet blog can be followed below.

Google Chrome vulnerabilities starting to pile up by ZDNet's Ryan Naraine -- [ UPDATE: See below for Google’s official response to these issues ] Security vulnerabilities in the new Google Chrome browser are beginning to pile up. Following our coverage of the carpet bombing combo threat and denial-of-service crashes, several readers have sent pointers to Chrome exploit code floating around the Web: First up is an automatic file download [...]
