After seeing the CNET article regarding the EULA (end user license agreement), I learned about two security issues posted at SecurityTeam.com. I understand this is beta software and hope that people who trust Google recognize the difference between beta and production.
From Google Chrome Browser Automatic File Download, 3 Sep. 2008:
"Summary
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
Credit:
The information has been provided by nerex.
The original article can be found at: http://www.milw0rm.com/exploits/6355
and from Google Chrome Browser URL Handler Crash, 3 Sep. 2008:
"Summary
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.
Credit:
The information has been provided by Rishi Narang.
The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php
1 comment:
I never read the damn EULAs but I know I should..
I uninstalled it. Thanks! ;)