Google Chrome vulnerable to carpet-bombing flaw


Google's shiny new Web browser is vulnerable to a carpet-bombing flaw that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference -- to trick users into launching executables directly from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome user can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.


In the proof-of-concept, Raff's code shows how a malicious hacker can use a clever social engineering lure -- it requires two mouse clicks -- to plant malware on Windows desktops.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.

Apple patched the carpet-bombing issue with Safari v3.1.2.

Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where this unpatched IE flaw could be used in a combo attack.


Talkback

131 comments
  • just proves that no software can ever be without any flaws

    nt
    reverseswing
    • Especially when it's built...

      ...on previously compromised code. Wonder if Apple bothered to remind them of that little factoid.
      flatliner
      • Why would Apple tell them?

        Anyone can download the source. It's fairly difficult for all possessors of the source to be notified directly.
        rpmyers1
      • No one except Google

        is to blame for this pathetic oversight.

        Sure, Apple's original software had the flaw, but given that this was a KNOWN flaw, once Google modified it and slapped its name on it Apple's responsibility ended.

        wow. pathetic, just pathetic
        tikigawd
        • Yep. Pretty lame.

          I was wondering about it when I read that Chrome was based on WebKit, as is Safari.

          Duh.
          seanferd
        • Give me a break! It's a BETA...

          Let me remind EVERYONE here, this is a BETA RELEASE... they have NOT yet CLAIMED to be vulnerability free!!! The point of a beta is to allow users to try a PRE-RELEASE of the software... when you download the software, you agree to their terms which states they take no responsibility for downloading the BETA PRE-RELEASE of the software... I will agree it seems silly that they didn't build off of the latest release of webkit, however, unless you are a coder, and unless you understand what must truly go into the creation of software, I don't want to hear your calling a brilliant new entry into the web browser war...
          jacobfogg
          • As usual...

            I'm impressed by your (jason) beautiful words supporting the crashing of the Google Chrome. If this had happened to Microsoft, everyone will throw hot-blows on them. When it comes to Google Chrome, everyone speaking about; 'this is beta', 'there might be bugs', and thus the supporting explanations goes on.
            I still know a lot of forums, shouting at the bugs in the IE8 beta release. At that time, there was no one to think that IE is in BETA state.
            Anyway, choices & opinions are personal. It will be much better, if u watch your back at the time of commenting.
            abhilashca
          • ie8 = beta?

            You are kidding, right? IE8 != IE1. It's evolutionary, not revolutionary. Chrome is brand spankin new, not built atop previous releases.

            It's an oversight on the version of the software used to build it, not something that's coded into the product.
            smoring
      • except WebKit is NOT the compromised code

        the exploit has nothing to do with WebKit, but it's about
        Apple's decision to automatically download anything with Safari,
        which is part of the UI shell, not the webkit engine.

        Chrome already has an option to prompt every time before
        download, so it's actually NOT vulnerable to this carpet bombing
        exploit.
        wellofsouls
  • more typical ZDnet FUD

    Chrome prevents access to user folders including the
    desktop using permissions. R-E-A-S-E-A-R-C-H
    ericesque
    • Are u sure?

      Google did say they don't have full control of those plug-ins running inside Chrome.
      LBiege
    • RTFA

      Did you see where demos were made, along with a link? Don't believe it? Try it yourself.
      rpmyers1
      • OOPS

        Apologies!
        egg on face
        mouth outfitted with shoe store
        etc...

        In my defense, I read the whole comic, so clearly I am
        a Chrome security expert already... there must be
        something wrong with the intarweb.
        ericesque
        • props for a good apology

          :)
          eggmanbubbagee
  • RE: Google Chrome vulnerable to carpet-bombing flaw

    "Raff's code shows how a malicious hacker can use a clever social engineering lure -- it requires two mouse clicks -- to plant malware on Windows desktops."

    I can do that in one click. Open Internet Explorer.
    drhowarddrfine
  • RE: Google Chrome vulnerable to carpet-bombing flaw

    had to ruin the parade didn't ya!
    tech_walker
  • Wait a minute...

    All Google Chrome is doing is saving files when the user goes to the web address of the file. There's nothing wrong with that.

    It's Microsoft Windows that has the security bug -- check out the link in the article to Microsoft's own page about it. Windows is executing files it shouldn't.
    foo1
    • Both of them have a flaw

      Google shouldn't be automatically saving executables without user approval and it definitely shouldn't be saving them by default to the desktop without user approval. It's an insecure programming practice. However, Chrome is still a beta product, so I expect it will have a few bugs that need to be worked out. At least it's nice to catch this bug while it's in beta.
      alaniane
      • yes but.....

        It's a beta that's already being widely used.
        Technically IE has beta 2, but it's being used
        extensively.
        fritzendugan
        • What you said...

          ...makes no sense. How is Chrome already being widely
          used? It just came out yesterday. I agree that IE is
          being used extensively, but not necessarily the beta.
          Unless "extensively" to you is 50,000 people or so.
          BIGELLOW