
Google’s Chrome under fire

  • Google’s Chrome web browser, the new JavaScript speed king, is getting hammered by security researchers over vulnerabilities ranging from crashing the browser to potentially running malicious code on the user’s computer. Here’s a quick round-up of what I have come across so far:

    1. “Carpet bomb” – September 3, 2008. Security researcher Aviv Raff managed to discover this vulnerability hours after the browser was released. The vulnerability, when exploited, could litter the user’s download directory with numerous irrelevant files or could potentially be used to exploit other vulnerabilities that may exist on the user’s machine.

    Raff describes on his site how a specially-crafted Java archive (JAR) file, combined with a social engineering ploy, could trick a user into downloading and executing the file without any warning from the browser.

    The vulnerability comes from Google’s use of an outdated version of WebKit, the open source browser engine toolkit also used by Apple’s Safari browser. The WebKit version used in Chrome is the same one used in Safari 3.1, which had its own set of vulnerabilities.

    2. URL Handler Crash – September 3, 2008. Rishi Narang discovered an issue in Chrome that can crash Chrome altogether when the user visits a specially-crafted URL, throwing the following (G)message:

    Whoa! Google Chrome has crashed. Restart now?

    3. ‘SaveAs’ Buffer Overflow – September 5, 2008. SVRT-Bkis, a security team from Vietnam, discovered this vulnerability that can allow an attacker to take control of the user’s computer.

    The vulnerability lies in the “Save page as…” function, which overflows a buffer when saving pages with very long page titles. This can allow attackers to execute arbitrary code on users’ systems.

    As of this writing, Google has patched this vulnerability.

    4. “Tool tip” DoS – September 8, 2008. Exodus of BlackHat Security (Israel) has discovered that a large object title can crash Chrome. This works on the current version of Chrome (0.2.149.29 Built 1798). The PoC is here.

    Update: Click here for an updated list of all publicly tracked Chrome issues.

    Article updated - October 01 - 3PM +4GMT
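
The bug class behind item 3, as an added example that is not from the original article and is not Chrome's code: a file name suggested from a page title has to be bounded, because the page controls the title length. The function names, the 64-byte buffer and the `.htm` extension are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* hypothetical buffer size for this sketch */

/* Unsafe pattern (shown for contrast, never called here): the title length
 * is chosen by the page, so strcpy can write past the end of `out`. */
void suggest_name_unsafe(const char *title, char out[NAME_MAX_LEN]) {
    strcpy(out, title);
    strcat(out, ".htm");
}

/* Bounded version: sanitises the title, truncates it to fit, and always
 * NUL-terminates. Returns the length written, or -1 if `out` cannot hold
 * at least one character plus the extension. */
int suggest_name_safe(const char *title, char *out, size_t out_len) {
    static const char ext[] = ".htm";
    const size_t ext_len = sizeof ext - 1;
    size_t room, n = 0;

    if (title == NULL || out == NULL || out_len < ext_len + 2)
        return -1;
    room = out_len - ext_len - 1;        /* bytes available for the stem */

    for (; *title != '\0' && n < room; title++) {
        unsigned char c = (unsigned char)*title;
        /* Replace control bytes and characters that are illegal or
         * path-significant in Windows file names. */
        if (c < 0x20 || strchr("\\/:*?\"<>|", c) != NULL)
            c = '_';
        out[n++] = (char)c;
    }
    if (n == 0)
        out[n++] = '_';                  /* empty title: placeholder stem */
    memcpy(out + n, ext, ext_len + 1);   /* copies the terminating NUL too */
    return (int)(n + ext_len);
}
```

The bounded version truncates instead of failing on an over-long title, so the save dialog still gets a usable default name.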


  1. #1 Exodus
    September 10, 2008 5:43 pm

    Up to this date these are all of the vulnerabilities that have been found,
    but of course this is only the start and I’m sure soon enough more vulnerabilities are gonna pop up
    (hopefully more critical ones)
