Thursday, September 04, 2008

[itsdifferent] Chrome bugged with Carpet Bug

Israeli researcher Aviv Raff confirmed that the "carpet bomb" bug can harm the few-days-old Chrome browser.

Raff explained that this is possible because Google used an older version of WebKit. WebKit is the base rendering engine used to render HTML content on the client's screen; Apple Safari also uses WebKit.

Hackers can use the auto-download vulnerability (aka "Carpet Bomb") in combination with a [user interface] design flaw and a Java issue in which no warning is displayed when JAR files downloaded from the Internet are executed.

An Indian researcher, Nitesh Dhanjani, revealed this bug in early May. It was named for the way it could be used to dump files onto the Windows desktop, where they might tempt a curious user into opening them.

Apple patched this bug in mid-June and updated Safari to 3.1.2.

Google, on the other hand, used an earlier version of WebKit, so the bug shipped with Chrome as well.

There are other interface-related issues: Chrome creates a button for every file downloaded by the browser. In the case discussed above, malicious software that was downloaded without the user's consent does not remain on the desktop but is kept as a button link in the browser, and many users might be victimized by this kind of interface.

This threat now illustrates a bigger problem for Chrome.
