Search
Homepage This page's url is: -crn-
Latest News Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
All Carousels Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
Cloud Storage Monitoring as a Service IoT Platforms Managed Security IT Operations Management Remote Workforce Midmarket Opportunities Enterprise App Cybersecurity Cloud Partner Programs Software-defined Data Center Industry Trends Edge Computing
Spectrum Partner Program HP Inc. Veeam VMware Wasabi Panduit Mimecast Scale Computing
Nutanix Learning Center CRN Showcase Dell Technologies Cloud Learning Center Women of the Channel Showcase Sophos Cybersecurity Learning Center Disaster Recovery Learning Center Comcast Business Learning Center BlackBerry Cylance Learning Center Eaton Learning Center Symantec Business Security Learning Center
Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Zone Intel Partner Connect Digital Newsroom Dell Technologies World Newsroom Dell Technologies Newsroom HP Reinvent 2020 Newsroom IBM Newsroom The IoT Integrator Lenovo Newsroom NetApp Data Fabric Intel Tech Provider Zone

Google Chrome Hit With Another Security Bug

Despite several security flaws which have been detected in Google Chrome, security experts say that the threat for most users remains small as the Web browser is still in beta form.

By Stefanie Hoffman September 05, 2008, 08:15 PM EDT
Web browser buffer vulnerability

The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the "Save As" function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user's machine.

Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then save the infected page, which would subsequently download malicious code onto the victim's computer and give the attacker complete access to the affected system.

Chrome's latest buffer overflow vulnerability is one of about half a dozen errors detected in the newly released beta Web browser, about half of which allow for remote code execution, experts say. Another vulnerability, discovered shortly after the browser's release Tuesday, included a carpetbombing glitch that stemmed from a fundamental flaw in the underlying user agent Safari 3.1.

However experts say that several Chrome beta version flaws are anticipated and will likely be worked out with the final version as the browser is subsequently tested.

"I think for a new product like Chrome, it doesn't concern me much that they're discovering the number of vulnerabilities and the details are getting out there. That's the point of beta, especially open source beta," said John Bambenek, handler for the SANS Internet Storm Center. "I think that the people who are really into getting exploits on a number of machines are not interested in messing with Chrome until (Google) gets some distribution out there."

"If it's not public information, the hackers don't have it either," he added.

And despite some errors that could lead to remote exploitation, experts say that because the browser is still in beta and not yet widely adopted, security threats for most users for the time being remains small.

"I don't think the consumer impact is very large yet," said Bambenek, "but that could change very quickly."

Related Topics:
Back to Top

related stories

Video

 

sponsored resources