/>
X
Business

Google Chrome vulnerable to carpet-bombing flaw

Google's shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference -- to trick users into launching executables direct from the new browser.
Written by Ryan Naraine, Contributor on
Google's shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference -- to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.

[ SEE: Google Chrome, the security tidbits ]

In the proof-of-concept, Raff's code shows how a malicious hacker can use a clever social engineering lure -- it requires two mouse clicks -- to plant malware on Windows desktops.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.

Apple patched the carpet-bombing issue with Safari v3.1.2.

Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.

Editorial standards

Related

How much RAM does your Windows 11 PC need?
adobestock-339222220

How much RAM does your Windows 11 PC need?

What is ChatGPT and why does it matter? Here's what you need to know
chat bot

What is ChatGPT and why does it matter? Here's what you need to know

These are my 5 must-have devices for work travel now
ipad-mini-firewalla-purple-macbook-air

These are my 5 must-have devices for work travel now