Google Chrome is vulnerable… watch out, there’s real danger on your way!!
Google Chrome has quickly become one of our favorite browsers, taking a 1% market share on its very first day, but don’t be overwhelmed by this fact, as the current beta version carries many potential threats.
Although the hot and happening web-browser from Google has barely entered the world, security researchers have been quick enough to find flaws in Chrome, which was supposed to be Google’s shiny foray into the browser market.
Before proceeding with the discussion, you can download the Google Chrome beta version here and check it out yourself!
Welcome HACKERS!!
However, be careful not to use it, especially at cyber cafes or on publicly shared systems, as you would be totally vulnerable to all the HACKERS everywhere!
Google launched the so-called ideal browser, Chrome, this week, to the surprise and delight of many, but a security researcher has shown, as a proof of concept, that the browser can be exploited in a way that takes advantage of code borrowed from an old version of Apple’s Safari.
As a result, this flaw leaves the Google browser open to carpet bombing attacks. Factually speaking, Chrome is apparently based on WebKit 525.13, which is essentially Safari 3.1, and suffers from the same flaw that Apple has since patched in its browser. That flaw, paired with a Java bug, could be used to execute code in Chrome.
A security evangelist at Kaspersky Lab reports that Chrome has also inherited a potentially serious security flaw from the old version of WebKit it is based on.
An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering, thanks to Google!
It’s actually kind of surprising that Google has adopted several features from other browsers like Opera and Safari and mixed them all together, because maintaining all those features security-wise is very hectic and problematic.
To do so, they must track all security vulnerabilities in those features, and fix them in Chrome too. This will probably happen only after those vulnerabilities have been fixed by the other vendors or publicly reported. It will put Chrome users at risk for a long time.
Although Chrome is a handy and slick browser, it is far from being as secure as Google advertises! It borrows several insecure features from other browsers, and it has its own security design flaws as well!
Let’s see the details of this security flaw, which makes Google Chrome a potential carpet-bombing victim!
Carpet-Bombing
The most threatening problem is that whenever a user double-clicks the download at the bottom of the screen, the downloaded application is opened without any warning, which allows a malicious hacker to easily execute any Java program on a user’s machine!
Many internet researchers have even set up experiments to show the vulnerability of Chrome by executing Java code that opens a simple Notepad window and the like… So if testers acting in good will can do it this easily, you can imagine what the hackers would do!!
This exploit is really embarrassing for Google because, first of all, Google stressed the security of Chrome both in the official announcement and in the live video demo just before the launch.
Google is ignorant?
But the shocking fact is that Apple already patched WebKit against this flaw when it released Safari 3.2.1 in July, though only after the flaw had been known already for more than two months.
Google, however, is using an older version of WebKit as the basis for Chrome. Obviously, this exploit only works because of the social engineering behind it.
Just like some pop-up ads trick users into clicking “OK” because the ad mimics a typical system message in Windows, this exploit would trick users who are not yet familiar with Chrome’s interface into believing that the download is actually just part of the web page.
Hope for a better tomorrow!
Hopefully Google will patch this flaw a lot faster than Apple did, but this fact will surely put a bit of a damper on our enthusiasm for Chrome.

