DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
January 20, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 46 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

First two Google Chrome vulnerabilities found

Posted on Wednesday, September 03 2008 @ 21:26:33 CEST by


Google Chrome has only been available for 24 hours or so and security researchers have already found a couple of flaws in the browser. The Tech Report writes Chrome suffers from an old WebKit vulnerability that could be used to spread malware:
Raff has put up a proof-of-concept demo showcasing the vulnerability. The demo causes Firefox to display a prompt asking the user to download a Java JAR file, but in Chrome, the file downloads automatically to the user's desktop. With a little social engineering (a red arrow pointing to the file in Chrome's download toolbar), users could unknowingly execute the Java app. The app is a simple text editor in Raff's case, but malicious coders could easily use the flaw to plant malware on users' systems.
Another security researcher found a flaw that can crash all tabs in Google Chrome. Kinda ironic, isn't it?
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba