On CNET: Start your tech shopping now
BNET Business Network:
BNET
TechRepublic
ZDNet

September 2nd, 2008

Google Chrome vulnerable to carpet-bombing flaw

Posted by Ryan Naraine @ 3:05 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Java, Open source, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research

Tags: Google Inc., Apple Safari, Web Browser, Flaw, Raff, Microsoft Windows, Web Browsers, Security, Operating Systems, Software

In Focus » See more posts on: Google Chrome

Google Chrome vulnerable to carpet-bombing flawGoogle’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.

[ SEE: Google Chrome, the security tidbits ]

In the proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.

Apple patched the carpet-bombing issue with Safari v3.1.2.

Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 128 Talkback(s)
I really wish people would take the time to proofread
mluther223 it is to "write a little more intelligent
comments THAN this. Not then this. You fool. And you are
making the "I wish people would take the time to write a
little more intellige... (Read the rest)
Posted by: scottseattle Posted on: 10/09/08 You are currently: a Guest | | Terms of Use
just proves that no software can ever be without any flaws  reverseswing | 09/02/08
Especially when its built...  flatliner | 09/02/08
Why would Apple tell them?  rpmyers1 | 09/03/08
No one except Google  tikigawd | 09/03/08
Yep. Pretty lame.  seanferd | 09/03/08
Give me a break! It's a BETA...  jacobfogg | 09/04/08
As usaual...  abhilashca | 09/04/08
ie8 = beta?  smoring | 09/05/08
except WebKit is NOT the compromised code  wellofsouls | 09/03/08
more typical ZDnet FUD  ericesque | 09/02/08
Are u sure?  LBiege | 09/02/08
RTFA  rpmyers1 | 09/02/08
OOPS  ericesque | 09/02/08
props for a good apology  eggmanbubbagee@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  drhowarddrfine | 09/02/08
RE: Google Chrome vulnerable to carpet-bombing flaw  tech_walker | 09/02/08
Wait a minute...  foo1 | 09/03/08
Both of them have a flaw  alaniane@... | 09/03/08
yes but.....  fritzendugan@... | 09/03/08
What you said...  BIGELLOW | 09/03/08
Widely used?  jasonp@... | 09/04/08
Yanno....  dcnblues | 09/04/08
Chrome given a rousing welcome  code_Warrior | 09/03/08
rust like IE?  mluther223@... | 09/03/08
I really wish people would take the time to proofread  scottseattle | 10/09/08
As I said before...  Scrat | 09/03/08
This is why you don't use a beta  Michael Kelly | 09/03/08
Wait, Chrome is *SAFARI*?  wolf_z | 09/03/08
Chrome is not Safari  Ed BurnetteZDNet Moderator | 09/03/08
Ed, that makes it Safari  wolf_z | 09/03/08
Opera introduced tabs  eMJayy | 09/03/08
Bill Gates claims to have invented tab browsing  Randalllind | 09/03/08
Probably he also invented...  Samun56 | 09/03/08
Bzzzzt  zdnet@... | 09/03/08
Give some proof  eMJayy | 09/03/08
Programs have been using tabs for at least a couple  alaniane@... | 09/04/08
Netcaptor?  charlesgentry | 09/03/08
*IS* the browser?  ericesque | 09/03/08
Safari? ...  Media-Ted@... | 09/03/08
Fewer Rendering Engines = Good  Li1t | 09/03/08
Number doesn't really matter  seanferd | 09/03/08
RE: "The rendering engine *is* the browser really..."  bmerc | 09/03/08
I'd have to agree  fritzendugan@... | 09/03/08
Firefox didn't introduce tabs  zdnet@... | 09/03/08
This is Great!  jcountz | 09/03/08
Wrong  BlasterNT | 09/03/08
A sick joke on many levels  croberts | 09/03/08
very good point (nt)  fritzendugan@... | 09/03/08
HELLO it's a BETA product  trboyden@... | 09/03/08
Beta! LOL!  rkuhn040172@... | 09/03/08
microcrap = beta  mluther223@... | 09/03/08
Oh please fanboy  zdnet@... | 09/03/08
agreed  BlasterNT | 09/03/08
Just as i suspected...  eMJayy | 09/03/08
Change Your Options  rlims | 09/03/08
Thanks...  Media-Ted@... | 09/03/08
I shouldn't have to....  eMJayy | 09/03/08
Check out the options  john.carr@... | 09/03/08
I agree that should be the default  alaniane@... | 09/03/08
I agree  eMJayy | 09/03/08
"...the most dangerous out there by far. "  bmerc | 09/03/08
Ok, maybe I exaggerated a little...  eMJayy | 09/03/08
Does the downloaded file...  arminw | 09/03/08
But...  eMJayy | 09/03/08
Change the download settings  amoore_mooremgt.com | 09/03/08
version 0.2.149.27  davidr69 | 09/03/08
Obviously not  ColDave | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  Wannabedamned | 09/03/08
How fast do we need?  Michael Of Atlanta | 09/03/08
It's a Free Country, Man.  ksheppard@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  tentaro@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  ColDave | 09/03/08
Wow, are you rude - Google products are always in Beta dummy  dano-z | 09/03/08
Google Lives in the World of Beta  dlink | 09/03/08
So what...  ColDave | 09/03/08
The article has a point though  alaniane@... | 09/03/08
I would agree...  ColDave | 09/03/08
I agree that the article  alaniane@... | 09/03/08
RE: ColDave  mubix | 09/03/08
yikes  CaptOska | 09/03/08
If your going to stay off the web  alaniane@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  ebhb2004@... | 09/03/08
Simply put  alaniane@... | 09/04/08
Carpet Bomb the Chronic Carpers  Compute_This | 09/03/08
Well said...  ColDave | 09/03/08
Chrome - Walthrough - First Impressions  pcwizkid.tech.talk@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  jkoster | 09/03/08
Windows 2000?  seannj427 | 09/03/08
Why? What's wrong with running Win 2000  alaniane@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  Darmananda | 09/03/08
Re: Download Mgr and Antispyware?  Compute_This | 09/03/08
Download option  rleavitt@... | 09/05/08
RE: Google Chrome vulnerable to carpet-bombing flaw  jhicks@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  iansane | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  Loverock Davidson | 09/03/08
Wow...how ignorant can one be  ColDave | 09/03/08
marketing, research and the power of the money  magallanes | 09/03/08
Talent, skill and "position"  joe.smetona@... | 09/03/08
Chrome download seems disabled now...  dpnewkirk | 09/03/08
NPR reported how "modern" Chrome was! (LOL)  8string | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  matojo2006 | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  sridharbhanu | 09/03/08
Chrome is actually WebKit 525.13 (Safari 3.1)  softwareFlunky | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  aaaaaaaaab | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  bigpicture | 09/03/08
Google's big mistake!  joe.smetona@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  gatewoodj@... | 09/03/08
Why did Google do it?  jscott418 | 09/03/08
Re: Why did Google do it?  gadgetdon | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  jnarvey | 09/03/08
Isolate the flaw.  joe.smetona@... | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  mwagner@... | 09/03/08
What if...  joe.smetona@... | 09/03/08
RE: Thank you Google  anon_ymous123 | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  duchovny | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  Ronspruell | 09/03/08
Fastest browser on the planet.  joe.smetona@... | 09/03/08
RE: Speculator  xesenta | 09/03/08
There is no fix for this...  Narg | 09/03/08
Then don't claim to be proactive...  amahanna | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  brendanM1122 | 09/03/08
Notice he had to use TWO flaws  XweAponX | 09/03/08
Like no one wants to put their initials in fresh cement ...  ozzie_tech | 09/03/08
RE: There is no fix for this...  GodSponge | 09/03/08
This is sensationalism crap!!!  wellofsouls | 09/03/08
Bwa-ha-ha-ha  transposeIT | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  j1111 | 09/03/08
RE: Google Chrome vulnerable to carpet-bombing flaw  francis.crossen@... | 09/11/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here