Saturday, September 06, 2008

Security vulnerability in Google Chrome browser

Hours after Google's very own browser Chrome was launched news is rife in the Internet world about its security vulnerability termed as carpet-bombing flaw.

The issue that this new arrival in the browser world faces is the Carpet bombing flaw: This is a combination of two vulnerabilities: one found in the Apple Safari (webkit) which Chrome uses and another a Java bug. This causes the users into launching executable files direct from the browser without any notification. This could lead to malicious hacker attacks.

This was an automatic download vulnerability found in Apple's Safari 3.1 and was already fixed by Apple in its next version,Safari v3.1.2. But Google, it seems, is using the WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of the Safari browser.

It is said that Chrome could have more security issues in store. According to the researcher Aviv Raff who brought to light this vulnerability "I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time."

So let us wait and watch what is in store for Chrome on the security front. In other areas such as speed and stability Chrome has already gained huge appreciation and has proved to be much better than other existing browsers.