FEATURED VIDEO

Sponsored By:


SLIDE SHOWS
ChannelWeb's Top 25 Execs of 2008 know that reading is fundamental. Here are their picks for books to feed your brain.
There were plenty of high-powered movers and shakers that made a big impact on the channel in 2008. Here's a look at who made our list of the 25 most influential.
It's time again to agonize over what to get the techie in your life. With the holidays closing in fast, here are 25 gift ideas sure to wow any techie.
INSIDE CHANNELWEB
techcareers logo Search Jobs:


  

Post Resume|Employers

Recent Post:


Regional Desktop Coordinator
BP seeking Regional Desktop Coordinator in Houston, TX
spacer

Google Chrome Hit With Another Security Bug


By Stefanie Hoffman, ChannelWeb
7:15 PM EDT Fri. Sep. 05, 2008
Less than a week after the release of Google's new Web browser Chrome, security researchers detected a buffer overflow vulnerability that could enable remote attackers to completely take control of a user's computer.

The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the "Save As" function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user's machine.

Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then save the infected page, which would subsequently download malicious code onto the victim's computer and give the attacker complete access to the affected system.

Chrome's latest buffer overflow vulnerability is one of about half a dozen errors detected in the newly released beta Web browser, about half of which allow for remote code execution, experts say. Another vulnerability, discovered shortly after the browser's release Tuesday, included a carpetbombing glitch that stemmed from a fundamental flaw in the underlying user agent Safari 3.1.

However experts say that several Chrome beta version flaws are anticipated and will likely be worked out with the final version as the browser is subsequently tested.

"I think for a new product like Chrome, it doesn't concern me much that they're discovering the number of vulnerabilities and the details are getting out there. That's the point of beta, especially open source beta," said John Bambenek, handler for the SANS Internet Storm Center. "I think that the people who are really into getting exploits on a number of machines are not interested in messing with Chrome until (Google) gets some distribution out there."

"If it's not public information, the hackers don't have it either," he added.

And despite some errors that could lead to remote exploitation, experts say that because the browser is still in beta and not yet widely adopted, security threats for most users for the time being remains small.

"I don't think the consumer impact is very large yet," said Bambenek, "but that could change very quickly."


RATE THIS ARTICLE Worse 1 2 3 4 5 Better
CHANNELWEB MARKETSPACE >> (Sponsored Links)
Channelweb : Promofinder
FEATURED PROMOTIONS
90% OFF Aladdin SafeWord Starter Pack - Act Now!!
Make more money with SafeWord and Aladdin now that we've joined teams. Order a SafeWord Two-Factor Authentication Starter P...
Get More in Q4 from Kaspersky Lab
Sell Kaspersky products and earn dollars for every sale of 10 or more nodes. That’s right! Every sale you make will put extra...
LATEST NEWS >>
December 01, 2008 06:50 PM
December 01, 2008 04:19 PM
December 01, 2008 03:40 PM
December 01, 2008 11:55 AM
December 01, 2008 10:39 AM
RELATED BLOG >>
Photo
The Test Center's most recent threat watch.
ADVERTISEMENT




CHANNEL SERVICES >>