12 Nov 08 Google’s Chrome Browser Not Yet Secure
If we see theoritically, Chrome should be more secure than other browsers because, rather than being a single-threaded application, each tab is handled by its own sandboxed process.
Google (NSDQ: GOOG)’s Chrome browser is only a day old, but security researchers already have found vulnerabilities that can be exploited.
According to a report published by ZDNet, security researcher Aviv Raff has found that he can combine a flaw in the open source WebKit engine with a Java bug to dupe Chrome users into downloading executable files.
12 Nov 08 Google Chrome < 0.3.154.9 Address Spoofing
The remote host contains a web browser that is affected by an address
spoofing vulnerability.
Description :
The version of Google Chrome installed on the remote host is earlier
than 0.3.154.9. Such versions are reportedly are affected by an
address spoofing vulnerability in pop-ups. An attacker can leverage
this issue to manipulate a window’s address bar to show a different
address than the actual origin of the content.
See also :
http://www.securityfocus.com/archive/1/498232/30/0/threaded
http://googlechromereleases.blogspot.com/2008/10/beta-release-031549.html
Solution :
Upgrade to Google Chrome version 0.3.154.9 or later.
