Security flaws for Chrome; needs more polish
Thrax
🐌Austin, TX Icrontian
<p>Yesterday's <a href="http://icrontic.com/news/introducing_google_chrome">release</a> of the long-rumored Google browser, dubbed Chrome, signaled a heavyweight entry into the burgeoning field of cloud computing. Based on the WebKit HTML rendering platform which has well-served Apple's Safari browser, the browser also features the "V8" JavaScript rendering engine said to improve execution speed in excess of fifty-fold. Google appears to be positioning the sites-as-apps model leveraged by the browser to heighten the profile of their growing web application suite. Yet, in spite of Google's multi-year dedication to the project, <a href="http://blogs.zdnet.com/security/?p=1843">exploits</a> have been appearing within the last twenty-four hours.</p>
<p>In a technique called "Carpet Bombing," a spin on age-old social engineering, the user is offered an opportunity to reap rewards they would probably appreciate. In the (safe) <a href="http://raffon.net/research/google/chrome/carpet.html">proof-of-concept</a>, a user's confidence is gained by the promise of free coffee coupons, and a download is offered to obtain them. Unfortunately, the file in question is a JAR file, which can be executed by any machine running Sun's <a href="http://www.java.com">Java</a> VM. Any unwitting user attracted by the offer need only attempt to open the file, thereby executing the malicious code contained in the JAR.</p>
<p>The exploit is made possible because Chrome runs on an outdated version of the aforementioned WebKit rendering engine. Chrome's user agent -- the string the browser reports to a website upon access -- reports WebKit version 525.13, the build shipped with Safari version 3.1. Apple patched this exploit in late June with the release of Safari 3.1.2.</p>
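<p>Because the outdated build shows up in the user agent, a site operator can spot affected visitors in ordinary access logs. The following script is an added example, not code from the original post: it pulls the WebKit build out of each log line's User-Agent field and flags any build at or below 525.13. The log lines are constructed for the example, and the 525.21 build shown for Safari 3.1.2 is an assumption used only as a non-vulnerable sample.</p>

```python
import re

# Constructed sample access log (not from the original post). The first line
# carries the user agent Chrome reported at launch; the second assumes a
# Safari 3.1.2 build (525.21) purely as a post-fix comparison sample.
SAMPLE_LOG = """\
10.0.0.1 - - [03/Sep/2008:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13"
10.0.0.2 - - [03/Sep/2008:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.21 (KHTML, like Gecko) Version/3.1.2 Safari/525.21"
10.0.0.3 - - [03/Sep/2008:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1"
"""

# WebKit build the post says Chrome reports (the Safari 3.1 level). Any build
# at or below this predates the Safari 3.1.2 fix.
VULNERABLE_WEBKIT = (525, 13)

UA_RE = re.compile(r'"([^"]*)"\s*$')          # last quoted field = User-Agent
WEBKIT_RE = re.compile(r'AppleWebKit/(\d+)\.(\d+)')
PRODUCT_RE = re.compile(r'(Chrome|Version)/([\d.]+)')


def parse_line(line):
    """Return (user_agent, webkit_build_or_None, product) for one log line."""
    m = UA_RE.search(line)
    if not m:
        return None
    ua = m.group(1)
    wk = WEBKIT_RE.search(ua)
    webkit = (int(wk.group(1)), int(wk.group(2))) if wk else None
    prod = PRODUCT_RE.search(ua)
    product = f"{prod.group(1)}/{prod.group(2)}" if prod else "unknown"
    return ua, webkit, product


def flag_outdated_webkit(log_text, max_vulnerable=VULNERABLE_WEBKIT):
    """List (client_ip, product, webkit) for requests from a WebKit build <= max_vulnerable."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _ua, webkit, product = parsed
        if webkit is not None and webkit <= max_vulnerable:
            hits.append((line.split()[0], product, webkit))
    return hits


if __name__ == "__main__":
    for ip, product, (major, minor) in flag_outdated_webkit(SAMPLE_LOG):
        print(f"{ip}: {product} on WebKit {major}.{minor} predates the Safari 3.1.2 fix")
```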
<p>Other exploits of a more innocuous nature are also appearing. The <a href="http://evilfingers.com/advisory/google_chrome_poc.php">EvilFingers</a> security blog demonstrates that the browser can be easily crashed. By rigging a site to refer to a non-existent handler, followed by a "special" character, Chrome is made to crash without fail. A handler is a method of interpreting the protocol, such as HTTP:// or FTP://, cited at the beginning of an address.</p>
<p>While the flaws remain superficial, they're undeniably careless. As the browser continues to go through the ever-important vetting process, more exploits are bound to surface.</p>