Security flaws hit Google’s Chrome

The web giant's browser isn't so shiny, say researchers, as Google changes the controversial user license.

Security researchers have been quick to find flaws in Chrome, Google's shiny foray into the browser market.

Google launched the browser this week, to the surprise and delight of many, but security researcher Affiv Raff posted yesterday on his site a proof of concept for an exploit in the browser, which takes advantage of code borrowed from an old version of Apple's Safari. The flaw leaves the Google browser open to carpet bombing attacks, the researcher said.

According to Raff, Chrome is based on WebKit 525.13, which is essentially Safari 3.1, and features the same flaw that Apple has since patched in its browser. That flaw, paired with a Java bug, could be used to execute code in Chrome.

Raff wrote: "I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it's very problematic. They'll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time."

Raff added: "Chrome seems to be a very nice and slick browser, but it is far from being secured as it is advertised by Google. It borrows several insecure features from other browsers, and it has its own security design flaws."

Another flaw was discovered by researcher Rishi Narang, which he said can lead to the browser crashing without any user interaction.

He wrote on his site: "When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window Whoa! Google Chrome has crashed. Restart now?'."

Another criticism of the Chrome browser has been the user licence, section 11 of the agreement which pops up when users download the software.

At launch, it creepily read: "By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."

After a bit of controversy, Google has now changed it to: "You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

26 Feb 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

26 Feb 2021