By Thomas Claburn
September 3, 2008
Google (NSDQ: GOOG)'s Chrome browser is only a day old, but security
researchers already have found vulnerabilities that can be exploited.
According to a report published by ZDNet, security researcher Aviv Raff
has found that he can combine a flaw in the open source WebKit engine
with a Java bug to dupe Chrome users into downloading executable files.
Apple, which uses WebKit in its Safari browser, fixed this flaw with its
Safari 3.1.2 browser patch. Chrome uses an older version of WebKit that
has not been repaired.
Another security researcher, Rishi Narang, claimed to have found a way
to crash Chrome with a malicious link.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!