Chrome suffers from old WebKit vulnerability

— 11:10 AM on September 3, 2008

Well, that didn't take long. Within hours of Chrome's release yesterday, security researcher Aviv Raff managed to find a hole in the new Google browser. As ZDNet reports, the flaw actually targets an older version of the WebKit rendering engine. Apple's latest Safari release (3.1.2) uses a newer WebKit release that's immune, but Chrome doesn't.

Raff has put up a proof-of-concept demo showcasing the vulnerability. The demo causes Firefox to display a prompt asking the user to download a Java JAR file, but in Chrome, the file downloads automatically to the user's desktop. With a little social engineering (a red arrow pointing to the file in Chrome's download toolbar), users could unknowingly execute the Java app. The app is a simple text editor in Raff's case, but malicious coders could easily use the flaw to plant malware on users' systems.

Interestingly, ZDNet says the vulnerability can also lead to a "combo attack" through an unpatched Internet Explorer flaw. Raff discussed that combo attack in relation to Safari back in late May, although he apparently hasn't released details yet.
