12 Nov 08 Google’s Chrome Browser Not Yet Secure

If we see theoritically, Chrome should be more secure than other browsers because, rather than being a single-threaded application, each tab is handled by its own sandboxed process.

Google (NSDQ: GOOG)’s Chrome browser is only a day old, but security researchers already have found vulnerabilities that can be exploited.
According to a report published by ZDNet, security researcher Aviv Raff has found that he can combine a flaw in the open source WebKit engine with a Java bug to dupe Chrome users into downloading executable files.

(more…)

12 Nov 08 Google Chrome < 0.3.154.9 Address Spoofing

Description: Synopsis :

The remote host contains a web browser that is affected by an address
spoofing vulnerability.

Description :

The version of Google Chrome installed on the remote host is earlier
than 0.3.154.9. Such versions are reportedly are affected by an
address spoofing vulnerability in pop-ups. An attacker can leverage
this issue to manipulate a window’s address bar to show a different
address than the actual origin of the content.

See also :

http://www.securityfocus.com/archive/1/498232/30/0/threaded
http://googlechromereleases.blogspot.com/2008/10/beta-release-031549.html

Solution :

Upgrade to Google Chrome version 0.3.154.9 or later.