Search
Homepage This page's url is: -crn-
Latest News Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
All Carousels Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Running Your Business Security Storage Virtualization
Threat Management Security as a Service Running Your Business Displays and Monitors IoT Network Infrastructure Cloud Based Data Protection Software-defined Data Center Data Breaches Unified Communications Cloud Security Industry Trends SMB Midmarket Opportunities Cyber Security IoT Platforms On Demand Workforce
Toner and Ink RSA Scale Computing Cambium Networks ConnectWise
Epson Hassle-Free Printing Hub NetApp Data Driven Learning Center Comcast Business Learning Center Commvault Learning Center Eaton Learning Center Machine Learning Knowledge Center Intermedia: Uniting Communication and Collaboration Cohesity Learning Center Disaster Recovery Learning Center BCM One Learning Center Cylance Security Learning Center Veeam Learning Center Symantec Endpoint Protection Mobile HPE Zone
Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Dell EMC Newsroom IBM PartnerWorld Newsroom HPE Zone Tech Provider Zone

Google Chrome Hit With Another Security Bug

Despite several security flaws which have been detected in Google Chrome, security experts say that the threat for most users remains small as the Web browser is still in beta form.

By Stefanie Hoffman September 05, 2008, 08:15 PM EDT
Web browser buffer vulnerability

The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the "Save As" function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user's machine.

Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then save the infected page, which would subsequently download malicious code onto the victim's computer and give the attacker complete access to the affected system.

Chrome's latest buffer overflow vulnerability is one of about half a dozen errors detected in the newly released beta Web browser, about half of which allow for remote code execution, experts say. Another vulnerability, discovered shortly after the browser's release Tuesday, included a carpetbombing glitch that stemmed from a fundamental flaw in the underlying user agent Safari 3.1.

However experts say that several Chrome beta version flaws are anticipated and will likely be worked out with the final version as the browser is subsequently tested.

"I think for a new product like Chrome, it doesn't concern me much that they're discovering the number of vulnerabilities and the details are getting out there. That's the point of beta, especially open source beta," said John Bambenek, handler for the SANS Internet Storm Center. "I think that the people who are really into getting exploits on a number of machines are not interested in messing with Chrome until (Google) gets some distribution out there."

"If it's not public information, the hackers don't have it either," he added.

And despite some errors that could lead to remote exploitation, experts say that because the browser is still in beta and not yet widely adopted, security threats for most users for the time being remains small.

"I don't think the consumer impact is very large yet," said Bambenek, "but that could change very quickly."

Related Topics:
Back to Top

Video

 

sponsored resources

Copyright The Channel Company, All rights reserved