Google Chrome vulnerable to data theft flaw

Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.

The issue, rated as a "moderate" risk, could allow hackers to use HTML files to steal arbitrary files from a victim's machine.

Details below:

  • r4188 and r4827 Address an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connecting to the network using XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file.

    • Severity: Moderate. If a user could be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.

The patch, which will eventually be rolled out via Chrome's automatic update feature, also adds new features around bookmarking and pop-up blocking.

Talkback

9 comments
  • Chrome vs IE

    I'm having a hard time really getting too concerned about issues raised about non MW browsers. For years the public was ignorantly suffering under the merciless dictatorship of IE, never aware of other options. Poor MS now they are having to actually work (read try more underhanded ways to make their products required) to try to keep their market share.
    I did a real life comparison between the two browsers, the same 7 tabs to load on start of the browser. IE loaded them in 1 minute and 11 seconds. Chrome 15 seconds flat. Almost 5 to one. Yeah, I am really worried that the people at Google can't fix a security issue when they can create products that dance circles around MS.
    webgov
    • I only use Chrome

      Since it was released. And it works very fine. It has
      the better performance over the others.
      I'm an Oracle Apex programmer over Chrome.
      If I want javascript debug I use FF with firebug.
      IE only to see the result before putting it in production.

      I don't have time waiting for the IE or FF to open...
      apsantos
  • I could not get Chrome to do that

    long enough to do an actual sampling, as it kept crashing.

    What good is it to have the ability to dance if you repeatedly cannot make it to the dance hall?
    GuidingLight
    • meant as a reply to mjordan@ <NT>

      :(
      GuidingLight
    • What site is it crashing on?

      I use FF for most of my browsing, but occasionally I fire up Chrome. I have yet to have it crash on me. I've only had FF crash once or twice since it was released. Every once in a while I'll try out IE for a while, but it has always seemed to crash with some regularity. The only thing I use with any regularity that seems to crash anywhere nearly as often as IE would be Yahoo Messenger, and if it weren't for the fact that so many of the people I know use it I'd never install that POS. I can generally count on it crashing anytime I have a conversation that lasts more than 30 minutes. With IE, once a day doesn't seem to be overstating things. Pages that auto-refresh, like cnn.com, seem to crash IE more than anything from what I can tell.
      jasonp@...
  • GOOGLE CHROME: USE AT YOUR OWN RISK

    Folks should be mindful that Chrome isn't a production application and treat it as such.

    USE AT YOUR OWN RISK!
    no_zd_user_name
    • Since when did Google come up with a non-Beta offering? NT

      NT.
      transposeIT
  • Google vs Microsoft Dinosaur

    All internet products will be susceptible to hacking.
    Security - Physical or Digital - is merely a matter of
    time function - how difficult it is to overcome.

    Google have shown that they can cut code that is much
    more efficient than Microsoft - one reader stated
    Chrome being 5x more efficient than IE Explorer v.? -
    I agree. This is at the core of Microsoft's demise -
    an inability to write efficient code.

    Google are in the wings to provide a full service of
    office applications - browsers - mobile links - data
    storage (private domain) - pulled together in a fully
    integrated package.

    Microsoft is now a "Legacy" provider with a ball &
    chain restricting its innovation - now in the era of
    the "Decline and Fall"

    In the 90s, as a Technology Guru sitting on an
    International Panel, I was asked the question "What is
    the most critical issue facing IT in the next 25
    years".

    My response "Rapid Access / Retrieval to/from the ever
    increasing volumes of Data".

    Google has delivered.
    InvestEast