Security Problems with Google Chrome?

Google's web browser, Google Chrome, had a security vulnerability. According to the Google Chrome Team, the browser mishandled URLs that use the chromehtml: protocol. Under certain conditions, this allowed an attacker to run scripts of his choice on any page or to enumerate files on the local disk. The problem put at risk any user who had Google Chrome installed and browsed a malicious site using Internet Explorer.

According to IBM Rational Application Security Insider, this amounted to a dangerous combination of new security vulnerabilities that let a malicious attacker bypass the Same Origin Policy restrictions for any site, using the victim's Google Chrome.

The dangerous impact:

  1. A Cross-Site Scripting attack, in which the attacker could steal cookies, save form filler data, modify the user's browsing experience and facilitate phishing attacks.
  2. Information leakage from the victim's files and directories on the local file system.

The good news is that a fix has been released: version 1.0.154.59 of Chrome. Hopefully, all the security issues revolving around Google Chrome are under control now.
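As a defender's check for the issue described above, this added example (not from the original post or from Google) flags pages that reference the chromehtml: scheme in any tag attribute and tests whether a Chrome version string is at or above the fixed release 1.0.154.59. The function names, the sample HTML and the sample version strings are constructed for illustration.

```python
import re
from html.parser import HTMLParser

SCHEME = "chromehtml"             # protocol named in the post
FIXED_VERSION = (1, 0, 154, 59)   # fixed Chrome release named in the post

def is_patched(version):
    """True if a dotted Chrome version string is at or above the fixed release."""
    return tuple(int(p) for p in version.strip().split(".")) >= FIXED_VERSION

def uses_scheme(value):
    """True if an attribute value is a chromehtml: URL.

    URL schemes are case-insensitive, and browsers drop tab/CR/LF and
    leading whitespace or control characters, so normalise first.
    """
    cleaned = re.sub(r"[\t\r\n]", "", value)
    cleaned = re.sub(r"^[\x00-\x20]+", "", cleaned).lower()
    return cleaned.startswith(SCHEME + ":")

class SchemeFinder(HTMLParser):
    """Collects (line, tag, attribute, value) for every chromehtml: reference."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in values.
        for name, value in attrs:
            if value and uses_scheme(value):
                self.hits.append((self.getpos()[0], tag, name, value))

def find_references(html_text):
    finder = SchemeFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample page; "placeholder" stands in for the URL body.
SAMPLE = """<html><body>
<a href="https://example.com/">ordinary link</a>
<iframe src="ChromeHTML:placeholder"></iframe>
<a href=" chrome&#72;tml&#58;placeholder">entity-encoded</a>
<p>chromehtml: mentioned in text only</p>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, value in find_references(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}>")
    print("1.0.154.53 patched?", is_patched("1.0.154.53"))
```

The scanner matches only attribute values, so a page that merely mentions the scheme in its text is not flagged.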

Link: Fix for Chrome

(Source: GoogleChromeReleases | IBM watchfire)
