Chrome suffers first security flaw

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

In an article on the Securiteam site, Rishi Narang from Evilfingers says a crash can occur without user interaction. If a user is provided a malicious link with an undefined handler followed by a special character, Chrome crashes.

In Google-speak, the browser displays a message: "Whoa, Google Chrome has crashed. Restart now?"

Narang found the fault in chrome.dll version 0.2.149.27. More details can be found on this Evilfingers page.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

This article was first published as a blog on CNET News.com.

Talkback 2 comments

• Information Security Administrator
• ISS Security Testing Specialist Application Assessment & Penetration Testing S&D
• Multiple Security Engineer…….Post sales
• Network Engineer ….. Security
• Multiple Security Engineer………Consultancy

TechGuides

Reviewing scheduled task inventory for Windows Server 2008 R2

Default installations of Windows Server 2008 R2 enumerate a number of default scheduled tasks, many of which you may not need.

Read more »

Latest from Blog Central

Amendments to empower Copyright Tribunal

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks