Israeli security researcher Aviv Raff has released proof-of-concept code that targets both a vulnerability in an old version of WebKit used by the Google Chrome browser and a Java bug. With a little social engineering, users can be tricked into downloading malware onto Windows desktops.
Ironically, the WebKit flaw it targets had already been patched by Apple. Raff has created a demonstration of the flaw that downloads a Java Archive (JAR) file onto the user's desktop, where it is executed without warning. Once the user double-clicks the download at the bottom of the screen, the application opens.
The demonstration, available here, reportedly opens up a harmless notepad application written in Java.