Chrome suffers first security flaw

Researcher Rishi Narang discloses a malicious link that can crash the new browser. In Google-speak, "Whoa!"

September 3, 2008 7:29 AM PDT

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

In an article on the Securiteam site, Rishi Narang from Evilfingers says a crash can occur without user interaction. If a user is provided a malicious link with an undefined handler followed by a special character, Chrome crashes.

In Google-speak, the browser displays a message "Whoa, Google Chrome has crashed. Restart now?"

Narang found the fault in chrome.dll version 0.2.149.27. More details can be found on this Evilfingers page.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

Click here for full coverage of the Google Chrome launch.

CNET Update

Twitter attempts to beef up security

Twitter lets users add a second layer of password protection, Jennifer Lopez has a new mobile brand, and Nextdoor brings text alerts to the neighborhood.

Play Video

Member Comments

Add Your Comment

Chrome suffers first security flaw

Member Comments

Featured Posts

Most Popular

Connect With CNET

Facebook

Twitter

Google +

RSS

Mobile

Newsletters

iPhone Atlas