Wednesday, September 03, 2008

Google Chrome

Thanks, but no thanks. I'm quite happy with the browsers I have right now, particularly in view of the CNET article, "Be sure to read Chrome's fine print" which you really need to read for yourself.

After seeing the CNET article regarding the EULA (end user license agreement), I learned about two security issues posted at SecurityTeam.com. I understand this is beta software and hope that people who trust Google recognize the difference between beta and production.

From Google Chrome Browser Automatic File Download,3 Sep. 2008:
"Summary
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.

Credit:
The information has been provided by nerex.
The original article can be found at: http://www.milw0rm.com/exploits/6355

and from Google Chrome Browser URL Handler Crash, 3 Sep. 2008:

"Summary
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.

Credit:
The information has been provided by Rishi Narang.
The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

Unknown said...

I never read the damn EULA's but I know I should..

I uninstalled it. Thanks! ;)