Google Chrome vulnerable to Java bug
An Israeli security researcher Aviv Raff has released proof-of-concept code that targets a vulnerability in an old version of WebKit being used by the Google Chrome browser as well as a Java bug. With a little social engineering, users can be tricked into downloading malware onto Windows desktops.
Ironically, the WebKit flaw this targets was patched already by Apple. Raff has created a demonstration for the flaw that will download a Java Archive file onto a user’s desktop that gets executed without warning. Once the user double-clicks the download at the bottom of the screen, the application is opened.
The demonstration, available here, reportedly opens up a harmless notepad application written in Java.
Source:→ eWeek
No comment yet
-
Pingback from 1» Google fixes Chrome vulnerabilities says:September 8th, 2008 at 12:27 pm
[...] however, no need to mention Beta ones. Google Chrome was struck with several vulnerabilities (more here, and here). Google recently started spreading the release to small groups quietly according to [...]
-
Pingback from 2» Google Chrome - Day 2 says:September 3rd, 2008 at 12:36 pm
[...] old version of WebKit used in Google Chrome has been found vulnerable already that would, with little social engineering, allow malwares to be downloaded onto user’s [...]
