Google browser vulnerable to carpet-bombing flaw



Madmax
09-03-2008, 03:34 PM
Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

http://blogs.zdnet.com/security/?p=1843&tag=nl.e539

shadowjak
09-03-2008, 04:15 PM
Google's Chrome browser is only a day old but security researchers have already found vulnerabilities that can be exploited.

According to a report published by ZDNet, security researcher Aviv Raff has found that he can combine a flaw in the open source WebKit engine with a Java bug to dupe Chrome users into downloading executable files.

Apple, which uses WebKit in its Safari browser, fixed this flaw with its Safari 3.1.2 browser patch. Chrome uses an older version of WebKit that has not been repaired.

Another security researcher, Rishi Narang, claims to have found a way to crash Chrome with a malicious link.

"An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27," Narang explains on the Evil Fingers Web site. "A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the Chrome crashes with a Google Chrome message window 'Whoa! Google Chrome has crashed. Restart now?'"

And someone identifying himself or herself as "Nerex" has posted proof-of-concept JavaScript code on Milw0rm.com that supposedly "allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt."

This exploit appears to be similar to the one identified by Aviv Raff.

In theory, Google Chrome should be more secure than other browsers because rather than being a single-threaded application, each tab is handled by its own sandboxed process with its own memory space. Like a multi-engine plane, Chrome is designed not to crash following the loss of a single engine.

"Chrome utilizes technology that has historically been associated with operating systems to create isolation between different browser tabs with the aim of improved crash-resistance and security," said IDC analyst Al Hilwa in a research note. "The security capabilities also ensue from a new sandbox model that strengthens what is typically available today from other browsers."

But Chrome is beta software and remains a work in progress.

Hilwa observes that while Google's security architecture isolates the browser's kernel from attacks on rendering engine vulnerabilities, it doesn't extend this same protection to plugins like Java, Flash, and Silverlight.

Mozilla software engineer Robert O'Callahan in a blog post said that while Chrome looks promising, Google's coders still have challenges to overcome. "There are some interesting architectural problems they haven't solved yet, especially with the process separation model, especially with regard to windowless plugins, and also Mac," he said. "These are problems that will be encountered by anyone doing process separation so it will be interesting to see how that goes."
-----------------------------------------------------------------
And here is the wonderful Google Chrome EULA-

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

I'm not sure I want to give Google a "perpetual, irrevocable, worldwide, royalty-free" license to do whatever it wants with any material I post or transmit through Chrome.

Killswitch
09-03-2008, 06:08 PM
Originally Posted By: MadMax
    Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

You mean Al-Qaeda can terrorize us through Chrome? What the hell are "carpet-bombs" anyway? lmao

shadowjak
09-03-2008, 09:15 PM
Carpetbombing-

Apple's Safari Web browser, Microsoft this week provided another, more important one: It can be used to trigger a so-called "carpet bombing" attack on users' PCs and running applications that could be used to take over the machine.

According to the security researcher who discovered the problem, the Safari carpet bombing flaw is actually one of three separate security issues he found in the browser in mid-May. Nitesh Dhanjani says he reported the flaws to Apple at that time, and Apple has pledged to fix one of the other flaws he discovered, but does not feel the carpet bombing flaw is "security related."

Dhanjani disagrees. "It is possible for a rogue Web site to litter the user's desktop [with executable applications]," Dhanjani writes in a blog post describing the flaw. "This can happen because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource. Safari downloads the resource without the user's consent and places it in a default location. The implication of this is obvious: Malware downloaded to the user's desktop without the user's consent."

The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a vulnerability in Apple Safari WebKit and a Java security bug, security blogger Ryan Naraine reports.

As a result Windows users of the beta software might be tricked into downloading malicious files onto their desktop. Raff has published a harmless proof-of-concept exploit in order to illustrate his concerns.

Apple patched the vulnerability with Safari v3.1.2, but the underlying software behind Chrome is based on older code, hence the vulnerability.

Killswitch
09-03-2008, 10:47 PM
Ok, I guess what I should have asked is..... "What is carpet-bombing?"

I looked it up.

-> To bomb in a systematic and extensive pattern, so as to devastate a large target area uniformly.

Anyways, my first post was a joke. Carpet = Arab.

Andre
09-04-2008, 10:37 AM
Originally Posted By: shadowjak
    And here is the wonderful Google Chrome EULA-

    11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

    I'm not sure I want to give Google a "perpetual, irrevocable, worldwide, royalty-free" license to do whatever it wants with any material I post or transmit through Chrome.

Yeah, they caught hell for that one and have already changed it.
11. Content license from you

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.