Google Chrome patch?
Wednesday, September 3rd, 2008Described in my previous entry, Google’s newly released browser, Chrome has a major security vulnerability.
Rumor has it, they have a quick fix.
Major security exploit published for Google’s Chrome
Wednesday, September 3rd, 2008Less than 24 hours after the release of Google’s new web browser, Chrome, a vulnerability has been discovered and released into the wild.
The proof of concept is described in this zdnet article. This carpet-bombing technique allows an unsuspecting user to download and execute a JAR file without warning.
A harmless demonstration can be found on the discoverer web-page.
http://raffon.net/research/google/chrome/carpet.html
Simply browsing to the site in IE, Fx 3 and you will be prompted with the typical download prompt.
Browsing to the site with Chrome and the Java Jar file is automatically download to your host.
I think, I’ll wait for version 2, maybe 3 or 4.