Rishi Narang posts - Security

September 3, 2008 7:29 AM PDT

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

In an article on the Securiteam site, Rishi Narang from Evilfingers says a crash can occur without user interaction. If a user is provided a malicious link with an undefined handler followed by a special character, Chrome crashes.

In Google-speak, the browser displays a message "Whoa, Google Chrome has crashed. Restart now?"

Narang found the fault in chrome.dll version 0.2.149.27. More details can be found on this Evilfingers page.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

Click here for full coverage of the Google Chrome launch.

Topics:: Vulnerabilities and attacks,; News

Tags:: security,; Securiteam,; Rishi Narang,; EvilFinders,; Chrome,; Google

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

2010 CES
Robot floor cleaner Mint gets those tight spots
Mint is a robot mop/duster for hard floors that can detect walls and fit into tight corners. It's a cheaper, smaller alternative to Scooba, but offers a lighter scrub.
Gallery
Navteq laser vision's view of the world (images)
The Open Road
Should enterprise IT piggyback on consumer Web?
Enterprise software is notoriously expensive and complex, while the consumer Web is the exact opposite. Should software vendors start borrowing Web infrastructure?
2010 CES
Project Natal gets a date, but not a price tag
The Xbox 360 add-on is aimed for a holiday release, as had been expected. Redmond also touts Windows 7 sales numbers and shows off the latest PCs, including an HP tablet.
Video
Highlights from the Microsoft keynote
2010 CES
Sprint announces 3G/4G wireless Wi-Fi router
Sprint Nextel has announced a device that allows subscribers to share their 3G/4G wireless signal with up to five Wi-Fi devices.
Video
Seth Meyers skit at the Microsoft keynote
Digital Media
Baidu launching online-video company
Chinese search provider Baidu to create new company to provide premium online video, trying to satisfy growing demand among users in China for high-quality video.
The Space Shot
Shuttle Endeavour readying for February launch
Shuttle moved to launch pad 39A Wednesday for a planned February 7 liftoff on a space station assembly mission, the first of a final five flights planned for 2010.
Gallery
Unboxing the Nexus One (photos)
2010 CES
Hands-on with the TomTom Ease
We got our hands on TomTom's newest entry level GPS device and we have the pics to prove it.
Green Tech
'Google Energy' subsidiary considers clean power
Google creates energy subsidiary and submits a request to buy and sell electricity. It's part of Google's goal to use large amounts of renewable energy to offset its carbon footprint.