Well Google released yesterday their new web browser, it is called Chrome and is supposed to be designed from scratch to be secure and functional.

Well it seems they released it with an old vulnerability in there from code that the Google developers borrowed from Apple’s WebKit rendering engine and a Java related security issue.

The Apple WebKit based issue lovingly named the ‘Carpet Bombing Vulnerability’ was discovered by Aviv Raff and was discussed at this years BlackHat Security conference. There is a benign Proof of Concept of the attack available, that shows how Chrome users can be lured into into downloading and launching a JAR (Java Archive) file that gets executed without warning. The code shows how an attacker could use social engineering tricks to lure a victim into installing malware onto their Windows host.

The version of WebKit used by Google appears to be WebKit 525.13 (originally found in Safari 3.1), this version is outdated and Apple patched the ‘Carpet Bombing’ issue in Safari 3.1.2 and it’s associated WebKit release.

We expect that Chrome will be getting some hardcore scrutiny over the next few weeks, and given it is open source we can expect some easily found issues. Google as always release ‘Beta’ code out there for us to test, we guess that this is going to help them clear off some of those easily found problems and get them a robust browser..

Add this page to your favorite Social Bookmarking websites