Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Desktop PCs Gadgets Gaming HDTV Laptops Macs & iPods Monitors Printers Software Spyware & Security Storage Upgrading Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Wednesday, September 03, 2008 2:45 PM PT Posted by Nick Mediati

"Carpet-bombing" Flaw Discovered in Chrome

Google_Chrome_Logo-350.jpg
Earlier this year, security researchers found a so-called "carpet bombing" flaw in Apple's Safari browser, where visiting a malicious site could result in a bombardment of downloads to the user's desktop. As ReadWriteWeb reports, this same old security vulnerability has cropped up in Google's new Chrome Web browser.

ReadWriteWeb explains that "after a user double-clicks the download at the bottom of the screen [where Chrome displays files once they have been downloaded], this application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user's machine." Yikes.

Safari and Chrome are cousins, as both use the open-source WebKit browser engine at their core. Apple, however, already issued a fix to this problem in June with the release of Safari 3.1.2, two months after the bug was first discovered. In Safari 3.1.2, the program asks you to confirm that you want to download files; prior to that, Safari would download files without a warning.

This bug has been around for a while and I'm a little surprised that it slipped through the cracks and made it into the public release of Chrome. Apparently, though, Google uses a slightly older version of WebKit in Chrome--one still affected by this bug.

Aviv Raff has more information on this bug, and links to a demonstration of how the flaw works.

As always, surf safely, everyone!

Comments
Post a comment Post a comment
Recent Posts
More Bad News for Blu-Ray
McCain Pushes Fair Use on YouTube
Firefox Update Enters Beta
Googling Is Good For Your Brain
Apple vs. the Economy: Can the New Macs Really Sell?
Motorola, Verizon Deliver ZN4 Touch-Screen: Krave
Pimp Your Flip Mino with Customizable Designs
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers

QUICK LINKS: cheap laptops cell phones laser printers HDTV reviews LCD TV Plasmas digital cameras laptop reviews security antivirus windows vista reviews digital camera reviews inexpensive desktop LCD wide screen monitors
tech news tech blogs community & forums laptop prices software reviews downloads
About UsContact UsAdvertiseASME GuidelinesNewslettersFAQIDG InternationalMagazine Customer Service
© 1998-2008, PC World Communications, Inc.Terms of Service AgreementPrivacy PolicyCommunity Standards
RSS FeedsXML

Visit other IDG sites: