Sep 15th, 2008, 16:45 | #1
Running across the green wheat field / the light of snow and sun
[Repost] Google Chrome's password manager reportedly has problems too
http://www.p2pnet.net/story/16889

Google Chrome security flaws

p2pnet news view Products | Security:- Ooops. “Google Chrome’s password manager failed more tests than any other browser I’ve tried,” says Chapin Information Services’ Robert Chapin in a p2pnet Reader’s Write.

Now, “Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks,” says ZDNet, going on:

“Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities - a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference - to trick users into launching executables direct from the new browser.

“Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.”

Raff’s proof-of-concept code shows how two mouse clicks are all that’s needed to plant malware on Windows desktops, says the story, also pointing out the user-agent shows Chrome is in fact WebKit 525.13 (Safari 3.1), an outdated/vulnerable version of that browser.

“Apple patched the carpet-bombing issue with Safari v3.1.2,” ZDNet says, adding some Windows Vista users are reporting downloaded files are, “automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks”

Stay tuned.