The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the "Save As" function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user's machine.
Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then save the infected page, which would subsequently download malicious code onto the victim's computer and give the attacker complete access to the affected system.
Chrome's latest buffer overflow vulnerability is one of about half a dozen errors detected in the newly released beta Web browser, about half of which allow for remote code execution, experts say. Another vulnerability, discovered shortly after the browser's release Tuesday, was a carpet-bombing glitch that stemmed from a fundamental flaw in the underlying user agent, Safari 3.1.
However, experts say that several of the Chrome beta flaws are anticipated and will likely be worked out in the final version as the browser undergoes further testing.
"I think for a new product like Chrome, it doesn't concern me much that they're discovering the number of vulnerabilities and the details are getting out there. That's the point of beta, especially open source beta," said John Bambenek, handler for the SANS Internet Storm Center. "I think that the people who are really into getting exploits on a number of machines are not interested in messing with Chrome until (Google) gets some distribution out there."
"If it's not public information, the hackers don't have it either," he added.
And despite some errors that could lead to remote exploitation, experts say that because the browser is still in beta and not yet widely adopted, the security threat to most users remains small for the time being.
"I don't think the consumer impact is very large yet," said Bambenek, "but that could change very quickly."