Google downplays Chrome's carpet-bombing flaw
"Lenssen: There are ways to make Chrome automatically download a file without the user confirming this (at least using Chrome’s default options). Don’t you consider that a potential problem?
Rakowski: On its own, downloading a file isn’t dangerous. It can be annoying if a site tries to download a bunch of files to fill up your hard drive, but there are other ways to do things like that and it hasn’t become a problem. The danger arises when an automatically downloaded file can be automatically executed. We’ve taken steps to prevent this in Google Chrome and will continue to make sure that this is the case. "
In reality, the danger arises from an automatically downloaded malicious file with a changed icon and a descriptive title or backdoored but legitimate Windows Office files downloaded without any notice, not from dumping hundreds of files on a particular desktop. Causing a denial of service attack next to dumping a piece of crimeware isn't really going to do much for a malicious attacker wanting your Ebanking data.
The level or exploitability of any of Chrome's vulnerabilities is proportional with its market share, and whereas there are no
Chrome's been receiving lots of criticism internationally, with Germany's Federal Office for Information Security urging users not to use the browser, next to the Dutch Computer Emergency Response Team (Govcert.nl) recommending its use only in test environments due to the BETA release. For the time being, it's clearly a wait and see how they threat security issues type of situation.