You might also be interested in
Replies (3)
Please login or register to join the discussion.
Download defaults also vulnerable
While researching another story, I spotted a blog post from Trend Micro warning of another vulnerability in Chrome.
Because Chrome uses the same WebKit rendering engine that Safari uses, it is also liable to what is described to "carpet-bombing" attacks, where the browser could download and execute malicious files from booby-traped websites without prompting.
To make it more effecient when working with web-based applications, the default in Crome is set to download files straight to the Desktop without warning, potentially putting malware on the user's computer. (At least the malicious files will only run if a user actually clicks on it in the download toolbar.) (this normally shows the most recent downloads) conspicuously placed at the bottom of the browser window.
The simplest way to counteract the threat is to go to Options-Minor Tweaks and click the check box beside ‘Ask where to save each file before downloading’.
The EvilFingers.com site has also found an exploit that allows hackers to crash the entire browser - not just an individual tap, as Google has claimed.
As Charles so wisely pointed out, Chrome is still a beta-test product - and any program designed to run within the world's incredibly complex computing infrastructure is going to have vulnerabilities. The main risk factor is the degree to which hackers are tempted to attack a program. Chrome will have to grab a pretty big piece of the market before it attracts the unwanted attention that IE gets.
John Stokdyk
Technology editor
AccountingWEB.co.uk
plus a security issue or two.....
Apparently, it's been discovered that Chrome is a little over-enthusiastic with its caching. (It caches secured pages, along with everything else)
If you use it to access, say, a banking site, then much of the information you view is retained in a form that the next user of the PC can easily view.
http://www.trustedreviews.com/software/news/2008/09/05/Chrome-Crisis--Indexes-Bank-Accounts-/p1
Don't forget - Chrome is a Beta product - approach with caution!
Licence grumbles
In a posting on our sister site UK Business Forums, Gary Kind, of www.domorewithsage.com advised Chrome users to look carefully at the small print of the browser licence before jumping in with both feet.
"The licensing terms seem very restrictive and quite worrying," he writes, quoting the following extract: “By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services.”
My initial response was that this was probably an oversight, where the company's lawyers just copied across boilerplate from the main Google service. This also happened with MySpace until Billy Bragg challenged them.
According to BBC News, this turns out to have been the case. Google senior product counsel Rebecca Ward said Google said had reused its Universal Terms of Service "to keep things simple for our users" and dropped that bit from the Chrome licence.
John Stokdyk
Technology editor
AccountingWEB.co.uk