Well, that didn't take long. Within hours of Chrome's release yesterday, security researcher Aviv Raff managed to find a hole in the new Google browser. As ZDNet reports, the flaw actually targets an older version of the WebKit rendering engine. Apple's latest Safari release (3.1.2) uses a newer WebKit build that is immune; Chrome does not.
Raff has put up a proof-of-concept demo showcasing the vulnerability. The demo causes Firefox to display a prompt asking the user whether to download a Java JAR file, but in Chrome the file downloads automatically to the user's desktop without any prompt. With a little social engineering (a red arrow pointing to the file in Chrome's download toolbar), users could unknowingly execute the Java app. The app is a simple text editor in Raff's case, but malicious coders could easily use the flaw to plant malware on users' systems.
Interestingly, ZDNet says the vulnerability can also lead to a "combo attack" when chained with an unpatched Internet Explorer flaw. Raff discussed that combo attack in relation to Safari back in late May, although he apparently hasn't released details yet.