
Google Chrome Vulnerable To Carpet Bomb Flaw


By Stefanie Hoffman, ChannelWeb

3:22 PM EDT Wed. Sep. 03, 2008
Google Chrome, the search engine company's newly released beta Web browser, is vulnerable to a carpet bombing flaw that could leave users open to malicious exploits by cyber attackers.

Security researcher Aviv Raff discovered the bug -- an amalgam of an Apple Safari carpet bombing vulnerability with a Java glitch revealed at the Black Hat USA 2008 conference -- hours after the browser's release on Tuesday. Raff subsequently posted proof-of-concept exploit code demonstrating how the new Google Chrome bug leads users to unknowingly launch malicious executables directly from their browser.

A malicious hacker could entice users into downloading a specially crafted Java archive file onto their Windows desktop, typically with a social engineering ploy. Once a user opened a malicious link or visited a harmful Website, malware would be installed on the user's PC and executed without warning.

In actuality, Google Chrome uses Apple's WebKit 525.13, or Safari 3.1, which is outdated and proven to be susceptible to numerous exploits, including a Safari carpet bombing error. While Apple patched the flaw in Safari 3.1, the underlying software remains vulnerable.

Google said that by default, the new browser downloads files to a separate "downloads" folder, as opposed to the user's desktop. The "downloads" folder is not in the default DLL search path, which avoids some potential security problems, Google said.

"This may be different for Vista depending on imported settings from the default browser, which may direct downloads to the desktop, but Vista security mechanisms help mitigate potential risk to users. Google Chrome takes things a step further by refusing to automatically download files, such as desktop.ini and *.local files, that have the potential to manipulate window preferences and change the order in which DLLs are loaded," said a Google spokesperson in an email. "However, should users wish to be prompted before each file download, they can enable this functionality by choosing 'Ask where to save each file before downloading' on the Minor Tweaks tab in the Options dialog."
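The download policy Google describes can be sketched as a small check. The following is an added illustration, not Chrome's code: the function names, the "block"/"prompt"/"save" results and the choice to prompt when the download folder is the desktop are assumptions made for this example.

```python
import ntpath

# Names from the Google statement: desktop.ini (folder display settings)
# and *.local (changes the order in which DLLs are loaded).
BLOCKED_NAMES = {"desktop.ini"}
BLOCKED_SUFFIXES = (".local",)


def normalize_windows_name(name):
    """Reduce a server-supplied file name to the name Windows would create."""
    base = ntpath.basename(name)      # drop any directory part (/ or \)
    base = base.split(":", 1)[0]      # drop an alternate data stream suffix
    base = base.rstrip(". ")          # Win32 strips trailing dots and spaces
    return base.lower()               # NTFS lookups are case-insensitive


def same_dir(a, b):
    """Compare two Windows directory paths ignoring case and separators."""
    return (ntpath.normcase(ntpath.normpath(a))
            == ntpath.normcase(ntpath.normpath(b)))


def download_decision(filename, download_dir, desktop_dir):
    """Return 'block', 'prompt' or 'save' for an unrequested download."""
    name = normalize_windows_name(filename)
    if not name:
        return "block"                # nothing usable left after cleanup
    if name in BLOCKED_NAMES or name.endswith(BLOCKED_SUFFIXES):
        return "block"                # never written without the user asking
    if same_dir(download_dir, desktop_dir):
        return "prompt"               # assumed policy: desktop needs consent
    return "save"


if __name__ == "__main__":
    # Constructed sample paths and file names, not taken from the article.
    desktop = r"C:\Users\a\Desktop"
    downloads = r"C:\Users\a\Downloads"
    for sample in ["report.pdf", "DESKTOP.INI. ", "updater.exe.local"]:
        print(sample, "->", download_decision(sample, downloads, desktop))
    print("report.pdf ->",
          download_decision("report.pdf", "c:/users/a/desktop/", desktop))
```

Comparing the normalized name rather than the raw one matters because Windows treats `DESKTOP.INI. ` and `desktop.ini` as the same file.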

Google maintains that its new open source Chrome browser is designed to be faster, easier, and safer than its competition. The browser, which was launched in beta just a week after Microsoft released its newest version of Internet Explorer, was designed to serve the needs of an audience that is increasingly reliant on the Web for complex and interactive applications and functions.

Altogether, Chrome touts isolated "sandbox" tabs, improved speed and responsiveness, a more powerful JavaScript engine and streamlined functionality, as well as built-in anti-phishing capabilities and advanced privacy functions. The search engine giant is also currently working on versions of Chrome for Mac and Linux.

 