Search
Homepage This page's url is: -crn-
Latest News Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Security Storage Virtualization
All Carousels Applications OS Channel Programs Cloud Components & Peripherals Data Center Internet of Things Managed Services Mobility Networking Security Storage Virtualization
Ready Nodes IoT Platforms SMB Midmarket Opportunities On Demand Workforce Cloud Security Data Center Cloud Platforms CRN 360 Managed Services Industry Trends Business Continuity/Disaster Recovery
Toner and Ink Cambium Networks AT&T Scale Computing Citrix Connectwise
Cylance Security Learning Center Commvault Learning Center NetApp Data Driven Learning Center Recoverability Learning Center Eaton Learning Center Comcast Business Learning Center Intermedia: Uniting Communication and Collaboration Machine Learning Knowledge Center BCM One Learning Center 8x8 UCaaS + CCaaS Learning Center 100 People You Shoud Know Showcase Cloud PPG Showcase Epson Hassle-Free Printing Hub HP Device as a Service Malwarebytes Learning Center Veeam Learning Center Symantec Endpoint Protection Mobile HPE Zone
Rankings and Research Companies CRNtv Events WOTC Jobs Tech Provider Zone

Google Chrome Hit With Another Security Bug

Despite several security flaws which have been detected in Google Chrome, security experts say that the threat for most users remains small as the Web browser is still in beta form.

By Stefanie Hoffman September 05, 2008, 08:15 PM EDT
Web browser buffer vulnerability

The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the "Save As" function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user's machine.

Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then save the infected page, which would subsequently download malicious code onto the victim's computer and give the attacker complete access to the affected system.

Chrome's latest buffer overflow vulnerability is one of about half a dozen errors detected in the newly released beta Web browser, about half of which allow for remote code execution, experts say. Another vulnerability, discovered shortly after the browser's release Tuesday, included a carpetbombing glitch that stemmed from a fundamental flaw in the underlying user agent Safari 3.1.

However experts say that several Chrome beta version flaws are anticipated and will likely be worked out with the final version as the browser is subsequently tested.

"I think for a new product like Chrome, it doesn't concern me much that they're discovering the number of vulnerabilities and the details are getting out there. That's the point of beta, especially open source beta," said John Bambenek, handler for the SANS Internet Storm Center. "I think that the people who are really into getting exploits on a number of machines are not interested in messing with Chrome until (Google) gets some distribution out there."

"If it's not public information, the hackers don't have it either," he added.

And despite some errors that could lead to remote exploitation, experts say that because the browser is still in beta and not yet widely adopted, security threats for most users for the time being remains small.

"I don't think the consumer impact is very large yet," said Bambenek, "but that could change very quickly."

Related Topics:
Back to Top

Video

 

sponsored resources

Copyright The Channel Company, All rights reserved