
Zero Day

Google Chrome vulnerable to carpet-bombing flaw

By Ryan Naraine and Dancho Danchev | September 2, 2008, 3:05pm PDT

Summary: Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks. Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference [...]

Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome user can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.


In the proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.

Apple patched the carpet-bombing issue with Safari v3.1.2.
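As an added example (not code from the article or from Raff's demo), the following log check flags clients whose User-Agent reports a WebKit build at or below the 525.13 build the article says Chrome exposes; the cutoff and the sample log lines are assumptions, not data from the page.

```python
import re
from typing import List, Optional, Tuple

# Assumption: WebKit builds at or below 525.13 (the build the article says Chrome
# reports) are treated as carrying the unpatched carpet-bombing code. Adjust the
# cutoff to whatever fixed build your vendor advisory names.
OUTDATED_WEBKIT_CUTOFF = (525, 13)

WEBKIT_RE = re.compile(r"AppleWebKit/(\d+)\.(\d+)")
PRODUCT_RE = re.compile(r"\b(Chrome|Version)/([\d.]+)")
LOG_RE = re.compile(r'^(\S+) "([^"]*)"')


def webkit_build(user_agent: str) -> Optional[Tuple[int, int]]:
    """Return the AppleWebKit build as (major, minor), or None for non-WebKit agents."""
    m = WEBKIT_RE.search(user_agent)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_outdated_webkit(user_agent: str) -> bool:
    """True when the agent reports a WebKit build at or below the cutoff."""
    build = webkit_build(user_agent)
    return build is not None and build <= OUTDATED_WEBKIT_CUTOFF


def product_of(user_agent: str) -> str:
    """Label the shell around the engine: Chrome/x.y or Safari's Version/x.y."""
    m = PRODUCT_RE.search(user_agent)
    return f"{m.group(1)}/{m.group(2)}" if m else "unknown"


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, product, webkit build) for every line with an outdated engine."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ua = m.groups()
        if is_outdated_webkit(ua):
            major, minor = webkit_build(ua)
            hits.append((client, product_of(ua), f"{major}.{minor}"))
    return hits


# Constructed sample lines (not taken from the article): client, then the User-Agent.
SAMPLE_LOG = """\
10.0.0.5 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13"
10.0.0.6 "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21"
10.0.0.7 "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1"
"""

if __name__ == "__main__":
    for client, product, build in scan_log(SAMPLE_LOG):
        print(f"{client}: {product} on outdated WebKit {build}")
```

Only the first constructed line is reported; the Safari 3.1.2 agent sits above the cutoff and the Firefox agent carries no WebKit build at all.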

Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback: Most Recent of 131 Talkback(s)

  • reverseswing
    2nd Sep 2008
  • Especially when it's built...
    ...on previously compromised code. Wonder if Apple bothered to remind them of that little factoid.
    flatliner
    2nd Sep 2008
  • Why would Apple tell them?
    Anyone can download the source. It's fairly difficult for all possessors of the source to be notified directly.
    rpmyers1
    3rd Sep 2008
  • No one except Google
    is to blame for this pathetic oversight.

    Sure, Apple's original software had the flaw, but given that this was a KNOWN flaw, once Google modified it and slapped its name on it Apple's responsibility ended.

    Wow. Pathetic, just pathetic.
    tikigawd
    3rd Sep 2008
  • Yep. Pretty lame.
    I was wondering about it when I read that Chrome was based on WebKit, as is Safari.

    Duh.
    seanferd
    3rd Sep 2008
  • Give me a break! It's a BETA...
    Let me remind EVERYONE here, this is a BETA RELEASE... they have NOT yet CLAIMED to be vulnerability free!!! The point of a beta is to allow users to try a PRE-RELEASE of the software... when you download the software, you agree to their terms, which state they take no responsibility for downloading the BETA PRE-RELEASE of the software... I will agree it seems silly that they didn't build off of the latest release of WebKit; however, unless you are a coder, and unless you understand what must truly go into the creation of software, I don't want to hear you calling a brilliant new entry into the web browser war...
    jacobfogg
    4th Sep 2008
  • As usual...
    I'm impressed by your (jason) beautiful words supporting the crashing of Google Chrome. If this had happened to Microsoft, everyone would throw hot blows on them. When it comes to Google Chrome, everyone is speaking about 'this is beta', 'there might be bugs', and thus the supporting explanations go on.
    I still know a lot of forums shouting at the bugs in the IE8 beta release. At that time, there was no one to think that IE was in BETA state.
    Anyway, choices & opinions are personal. It will be much better if you watch your back at the time of commenting.
    abhilashca
    4th Sep 2008
  • ie8 = beta?
    You are kidding, right? IE8 != IE1. It's evolutionary, not revolutionary. Chrome is brand spankin' new, not built atop previous releases.

    It's an oversight on the version of the software used to build it, not something that's coded into the product.
    smoring
    5th Sep 2008
  • except WebKit is NOT the compromised code
    The exploit has nothing to do with WebKit, but it's about Apple's decision to automatically download anything with Safari, which is part of the UI shell, not the WebKit engine.

    Chrome already has an option to prompt every time before download, so it's actually NOT vulnerable to this carpet bombing exploit.
    wellofsouls
    3rd Sep 2008
  • more typical ZDnet FUD
    Chrome prevents access to user folders including the desktop using permissions. R-E-S-E-A-R-C-H
    ericesque
    2nd Sep 2008
  • Are u sure?
    Google did say they don't have full control of those plug-ins running inside Chrome.
    LBiege
    2nd Sep 2008
  • RTFA
    Did you see where demos were made, along with a link? Don't believe it? Try it yourself.
    rpmyers1
    2nd Sep 2008
  • OOPS
    Apologies!
    egg on face
    mouth outfitted with shoe store
    etc...

    In my defense, I read the whole comic, so clearly I am a Chrome security expert already... there must be something wrong with the intarweb.
    ericesque
    2nd Sep 2008
  • eggmanbubbagee@...
    3rd Sep 2008
  • RE: Google Chrome vulnerable to carpet-bombing flaw
    "Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops."

    I can do that in one click. Open Internet Explorer.
    drhowarddrfine
    2nd Sep 2008
