Friday, October 3, 2008
Google Chrome - Vulnerable To Carpet-Bombing Attack
Google has announced the beta version of its web browser, called Chrome. The new browser is open source and aims to change Internet browsing in the future. One of Chrome's features is a user interface reduced to a minimum and focused on an omnibar with search auto-completion. Applications that are usually accessed through the browser can be added to the Windows Start Menu and started from there. Chrome also has anonymous browsing support and a download manager.
See the Google Chrome comic book presentation HERE.
You can download the beta version from HERE.
The Google research center has credited itself with finding its first vulnerability, too.
Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables directly from the new browser.
Raff has cooked up a harmless demo of the attack in action, showing how Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.
On the Google Blogoscoped blog, some of the security tidbits are mentioned:
* Chrome has a privacy mode; Google says you can create an “incognito” window “and nothing that occurs in that window is ever logged on your computer.” The latest version of Internet Explorer calls this InPrivate. Google’s use-case for when you might want to use the “incognito” feature is e.g. to keep a surprise gift a secret. As far as Microsoft’s InPrivate mode is concerned, people also speculated it was a “porn mode.”
* Web apps can be launched in their own browser window without address bar and toolbar. Mozilla has a project called Prism that aims to do similar (though doing so may train users into accepting non-URL windows as safe or into ignoring the URL, which could increase the effectiveness of phishing attacks).
* To fight malware and phishing attempts, Chrome is constantly downloading lists of harmful sites. Google also promises that whatever runs in a tab is sandboxed so that it won’t affect your machine and can be safely closed. Plugins the user installed may escape this security model.
You can also test this through Google’s carpet-bombing demo. Just open this Test link to test the vulnerability in Chrome.
Here you can examine how a malicious hacker can use a clever social engineering lure (it requires two mouse clicks) to plant malware on Windows desktops.
The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.
Apple patched the carpet-bombing issue with Safari v3.1.2.
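The point above is that the browser's brand and its embedded engine are versioned separately, so a patch inventory has to key off the AppleWebKit token. The following is an added example, not code from this post or from Google: it reads the engine build out of User-Agent strings and flags the build named above. Treating every build at or below 525.13 as affected is an assumption, the sample strings are constructed, and newer builds are only reported for manual checking because this post gives no WebKit build number for the fixed Safari release.

```javascript
// Added example: classify clients by embedded engine build, not by brand.
// AFFECTED_WEBKIT is the build named in the post; treating older builds as
// affected too is an assumption of this example.
const AFFECTED_WEBKIT = "525.13";

// Split a User-Agent into product/version tokens, ignoring "(...)" comments.
function productTokens(ua) {
  const tokens = {};
  const stripped = ua.replace(/\([^)]*\)/g, " ");
  for (const m of stripped.matchAll(/([A-Za-z][\w.-]*)\/(\d+(?:\.\d+)*)/g)) {
    tokens[m[1]] = m[2];
  }
  return tokens;
}

// Compare dotted versions numerically, so 525.9 sorts below 525.13
// (a plain string comparison would get this wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Report brand, engine build and a status for one User-Agent string.
function assessUserAgent(ua) {
  const t = productTokens(ua);
  const brand = t.Chrome ? "Chrome" : t.Safari ? "Safari" : "other";
  const webkit = t.AppleWebKit || null;
  let status = "not-webkit";
  if (webkit) {
    status = compareVersions(webkit, AFFECTED_WEBKIT) <= 0
      ? "affected-build-or-older"
      : "newer-build-verify-against-vendor-advisory";
  }
  return { brand, webkit, status };
}

// Constructed sample User-Agent strings (version numbers are placeholders).
const SAMPLES = [
  "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.0.0.0 Safari/525.13",
  "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.9 (KHTML, like Gecko) Version/3.1 Safari/525.9",
  "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/526.1 (KHTML, like Gecko) Version/9.9 Safari/526.1",
  "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008 Firefox/3.0",
];
for (const ua of SAMPLES) console.log(assessUserAgent(ua));
```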
Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.
Though our favorite company has released the beta version, it has not claimed that the vulnerability is fixed.
For those who want to have some fun, try this. Type anything (maybe nothing, but excluding http), then type :% and see what happens.
My personal view: Chrome is very fast, easy and friendly to use, but can be a lot better if Google soon fixes most of the known bugs. Even then, getting a browser share of 4% on the second day is really a remarkable achievement.