Earlier this week, Google unleashed the latest contender for the title of 'Best Web Browser', Chrome, in the beta stage (Aaaaaargh...it seems like Google has been in the Beta stage for 2500 years now), and the hacker community has already begun searching the inner workings of the browser for every possible flaw.Whats more, noted security researcher Aviv Raff has managed to find a flaw in the system which, if exploited, would allow hackers automatically get a 'Chrome' running computer to download a malicious file.
Generally, A Java (.JAR) file is highlighted when needed for download by the browser, such as Firefox. But with the version of the WebKit Google used to develop Chrome does not include such a prompt. What this essentially means is that hackers could use this to launch an Java-based attack without users knowing what file they're downloading. This could be used to install trojans, rootkits, keyloggers, etc.
Browsers such as Safari or Firefox or even IE 8 use a newer version of the WebKit and aren't vulnerable to such a flaw... but then Google would just say this is what a beta version is for!! Hmm.... maybe beta's not so bad after all :)
0 comments :
Post a Comment