Browse By Topic

• RSS News Feed
• News Archive
• Opinion
• Features
• Wireless Technology
• Hardware
• Security/Privacy
• Integration/Networking
• Professional Development
• Special Needs Students
• Data Management
• Display/Presentation
• eLearning/Web
• Accountability/Assessment
• Policy/Research
• Funding
• Telecom
• Business Intelligence
• Green

Magazine

• Current Issue
• Archives
• Article Search
• Editorial Calendar
• Editorial Board

Newsletters

• T.H.E. News Update
• Collaboration 2.0
• THE SmartClassroom
• School Security
• Classroom Tools & Tips

Events

• FETC
• Innovative Learning Conf.
• Congress on Content

Subscription Services

• Magazine
• eNewsletters

Resources

• Learning Centers
• White Papers
• Webinars
• RoadMap to the Web
• Education Plaza
• Sylvia Charp Award
• Conference Calendar
• FETC 2008 Vendor Focus
• Podcasts
• School Security
• 21st Century Skills
• Professional Development in Technology
• Dropout Prevention
• Math Intervention

Marketing

• About Us
• Media Kit
• Press Releases
• PR Guidelines
• Contacts

September 2008 — News

Print this article | Email this article

Click here to receive your FREE subscription to T.H.E. Journal

Security Exploits to Google Chrome Browser Emerge

by Jabulani Leffall

Google's Chrome Web browser--complete with quirky marketing comic book--made a splash when announced Tuesday, but what a difference a day makes. On Wednesday, proof-of-concept bugs affecting the Internet app were disclosed. Chrome is still early in its first public beta.

First, Rishi Narang, who is part of the EvilFingers security portal, identified a denial-of-service vulnerability that has crashed the Chrome browser when tabs are open during an Internet session.

A second proof-of-concept vulnerability also emerged Wednesday that allows a malformed URL to crash or "carpet bomb" the Chrome browser. This exploit was discovered when independent researcher Aviv Raff figured out that he could combine two vulnerabilities--a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference. His exploit tricks users into launching executables directly from the new browser.

Google's Chrome browser is partly based on open source software components used in Mozilla's Firefox and Apple's WebKit. The malformed URL vulnerability is based on the WebKit problem that similarly affected Apple's Safari browser. Apple has since patched Safari, but Google is using a version of the WebKit that is vulnerable to this kind of attack, experts say.

Debates across the IT security community have noted that Microsoft Internet Explorer 8, currently at Beta 2, comes with a bevy of security and privacy functions. Meanwhile, Google, observers say, is far more likely to press for a release that does not meet the more stringent security requirements that IT pros in the enterprise space are used to seeing.

"As was the case a decade ago at Microsoft, inside of Google, marketing still appears to carry a much bigger stick than the security folks do," said Randy Abrams, director of technical education at San Diego-based security software company ESET. "This makes it impossible to place the proper emphasis on security. As a result, Google will be responding to flaws much more often than proactively preventing vulnerabilities."

• Next »
• 1. 1
  2. 2
  3. 3