Google's New Chrome Browser Vulnerable to Exploits

By Matthew Harwood

On Tuesday, Google released a beta version of its new Chrome browser. One day later, security researchers had already found two significant flaws in its design.

The first vulnerability comes via The Register:

The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a vulnerability in Apple Safari WebKit and a Java security bug, security blogger Ryan Naraine reports.

As a result Windows users of the beta software might be tricked into downloading malicious files onto their desktop. Raff has published a harmless proof-of-concept exploit in order to illustrate his concerns.

The second vulnerability found in Chrome was discovered separately by security researchers Rishi Narang and JanDeMooij. By entering through the browser's URL bar, hackers can exploit one of the browser's components and cause an application crash.

"Anyone who has followed Google with respect to security would not trust that Chrome will be safe to use for quite some time," said Randy Abrams, director of technical education at ESET, a security software and research firm, told "Google is at about the same place Microsoft was a decade ago. They have some bright security people, but marketing is trampling over security left and right."

Despite these two vulnerabilities, there has been much praise for Chrome's security features, which include "sandboxed" tabs, anti-phishing technology, and a privacy mode for Web browsing called "Incognito," which does not record the Web sites visited.

Sandboxed tabs, according to SC Magazine, means when multiple tabs are opened in the browser, they will all run on separate applications. This means when one tab is running slowly, it will not affect the speed of the other tabs. Sandboxed tabs also protect against self-installing malware which can jump from one program to another and infect the machine. Currently, all a Chrome user has to do to neutralize a tab riddled with malware is close the tab.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.