Less than a day after Google released its new, sparkling and shiny web browser, two major bugs were found.

Google’s Chrome is vulnerable to a “carpet bombing” attack. I can easily see how this may be abused by a potential attacker to make Chrome users download and execute JAR files (Java Archives) - not as an applet and not inside the sandbox - without any warning. This happened because Google’s Chrome is based on an earlier version of WebKit, the same engine Safari uses. The vulnerability was disclosed by Aviv Raff, who wrote a harmless proof of concept.
Another, less dangerous attack (for now) is that Chrome crashes. Google claims that each tab runs in its own process, which is odd, since when one tab crashes all the other tabs crash with it. For example, click here. The disturbing thing is that Chrome is exposed to a buffer overflow attack. If the example doesn’t work (security filter), just add
<a href='oded:%'>oded</a>
to your HTML page. It will crash.

One more interesting feature: popup windows that are not blocked open in a minimized state. A potential attacker can take advantage of this to hide malicious consoles, because the page is still rendered while it’s minimized.
Thanks,