Skip to main content

Researchers Discover Two Security Holes in Google Chrome Within 24 hours

All eyes are on Google's first browser and it was not a surprise to find out that Chrome, like any popular application subjected to public scrutiny, does indeed contain a few flaws.

Since Chrome is based on Webkit, the same underlying platform as Safari, it would be a safe bet to say that they would both share the same security issues.

Affiv Raff has posted a proof of concept vulnerability - the so =-called carpet bombing - that affected Safari 3.1 and could also, when used with a Java bug, could allow an attacker to remotely execute code in Chrome, something that Google's hit team said would be next to impossible in their comic book.

Raff posits that since Google essentially borrowed insecure features from a number of browsers, it is only a matter of time before its own security design flaws surface.

Another flaw was singled out by researcher Rishi Narang who wrote that a malicious link containing a special character can cause Chrome to crash literally on demand.

Since Chrome is open source, expect the flaws to be closed quite quickly, after which it will be a cat-and-mouse game too find out other flaws and vulnerabilities.

Watch out how quickly (or slowly), Google will react to those announcements.