Friday, September 5, 2008

Google's Chrome Browser Not Yet Secure

If we see theoritically, Chrome should be more secure than other browsers because, rather than being a single-threaded application, each tab is handled by its own sandboxed process.

Google (NSDQ: GOOG)'s Chrome browser is only a day old, but security researchers already have found vulnerabilities that can be exploited.
According to a report published by ZDNet, security researcher Aviv Raff has found that he can combine a flaw in the open source WebKit engine with a Java bug to dupe Chrome users into downloading executable files.
More Internet Insights
White Papers
Small Business Web Design Guide Part I: SEO Tips for Small Business Websites
Simple Tricks To Ace the Subnetting Portion of Any Certification Exam
Apple, which uses WebKit in its Safari browser, fixed this flaw with its Safari 3.1.2 browser patch. Chrome uses an older version of WebKit that has not been repaired.
Another security researcher, Rishi Narang, claimed to have found a way to crash Chrome with a malicious link.
"An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27," Narang explained on the Evil Fingers Web site. "A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the Chrome crashes with a Google Chrome message window 'Whoa! Google Chrome has crashed. Restart now?' "
And someone identified as "Nerex" has posted proof-of-concept JavaScript code on Milw0rm.com that supposedly "allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt."
This exploit appears to be similar to the one identified by Raff.
In theory, Google Chrome should be more secure than other browsers because, rather than being a single-threaded application, each tab is handled by its own sandboxed process with its own memory space. Like a multiengine plane, Chrome is designed not to crash following the loss of a single engine.
"[Chrome] utilizes technology that has historically been associated with operating systems to create isolation between different browser tabs with the aim of improved crash-resistance and security," IDC analyst Al Hilwa said in a research note. "The security capabilities also ensue from a new sandbox model that strengthens what is typically available today from other browsers."
But Chrome is beta software and remains a work in progress.
Hilwa observes that while Google's security architecture isolates the browser's kernel from attacks on rendering-engine vulnerabilities, it doesn't extend this same protection to plug-ins like Java, Flash, and Silverlight.
Mozilla software engineer Robert O'Callahan in a blog post said that while Chrome looks promising, Google's coders still have challenges to overcome. "There are some interesting architectural problems they haven't solved yet, especially with the process separation model, especially with regard to windowless plugins, and also Mac," he said. "These are problems that will be encountered by anyone doing process separation so it will be interesting to see how that goes."
Take a spin through our Google Chrome image gallery and have a look at the browser that's being touted as a game-changer.

No comments:

Traffic revenue