Quantcast



Docs

Blogs

Forums

Samples

Media

Labs

Resources
 




DevCentral > Weblogs > Colin Walker - Off the map where the wild things grow...
 Google Chrome reports first major security flaw
posted on Wednesday, September 03, 2008 1:55 PM

It's Beta software, it was inevitably going to have some bugs. This bug, however, is a little bit embarrassing for the good folks over at Google. RWW has an article that describes a potentially nasty security hole made possible by Chrome, a known Java bug, and an un-patched WebKit.

You can read the whole article here, but the gist of it is that users can be duped with relative ease into executing just about any Java program that an attacker wants. That's bad. Very, very bad, in case you weren't already sure.

"It's Beta software!" you say, "There's no embarrassment there!". I'd generally agree, but RWW goes on to mention the part where this is a known bug with an old version of Apple's WebKit, and could have been avoided had Google used a more recent version as a basis for Chrome.

Yes, it's Beta software, yes, it requires user interaction to execute, but this is still a pretty nasty bug, stemming from an easily avoided, well-known issue. That's bad, last I checked.

This isn't a horrendous issue as I'm sure Google will just update the version they're using before general release, but for the thousands (millions?) of people that are already using Chrome, you might want to be careful what you click on.

#Colin

Email This
  del.icio.us
      

Feedback

9/3/2008 3:19 PM
Gravatar Party on Wayne! Party on Garth! It's a great big party in the world of beta software. Anyone that switches full time the first day of a product release is, as one of my commenter's pointed out, a complete idiot. Use it to try things out but give it a few weeks to get things like this worked out and patched. I did notice that the nightly build is available from chromium.org so odds are features/fixes will be added almost daily.

-Joe
Joe Pruitt
9/3/2008 3:24 PM
Gravatar Agreed. Between that and a lack of linux support, though, I think I'll wait to join the masses that are fawning all over Chrome. I'm sure it's great, but FF3 is working just fine for me, and it runs fantastic on my ubuntu box. ;)

#Colin
Colin
9/6/2008 3:23 PM
Gravatar I'm having surprising success running Chrome on my Linux box using Wine! Not perfect yet, but it's such an instantly popular app and it almost works that fixes to Wine were being committed quickly, and with Wine coming out every two weeks it should be near-perfect next version or the one after.

Then I can give Google every piece of personal data down to my DNA code ;-p
David Gerard
 Leave Feedback
Title  
Name  
Email
Url
Comments   
Please add 5 and 2 and type the answer here:

Copyright 1996 - 2008 F5 Networks, Inc. | Privacy Statement | Terms Of Use