EvilFingers Strike Again At Google’s Chrome
SecurityProNews Staff Writer
2008-09-26
Security researchers at EvilFingers.com, who identified the first security vulnerabilities in Google's beta web browser, Chrome, have delivered a proof of concept demonstrating that malicious agents could mount a memory-exhaustion denial-of-service attack against it.
At the EvilFingers website, the researchers described it this way:
"The Google Chrome browser is vulnerable to memory exhaustion based denial of service which can be triggered remotely. The vulnerability triggers when Carriage Return (\r\n\r\n) is passed as an argument to the window.open() function. It makes Google Chrome generate a number of windows at the same time, thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager, as in no time the memory usage rises high. The problem lies in the handling of the object and its value returned by the JavaScript function. Once it is triggered, the pop-ups start generating. The Google Chrome browser generates object windows continuously, thereby affecting memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this."
In plain English: once exploited, the flaw allows an attacker to pop up enough browser windows to stall the browser, driving memory usage to its maximum almost immediately. An experienced user, though, should have time to save tabs and close out before the memory suck is complete, but not much time.
Google patched the earlier flaw within 24 hours and sent out a patched version within a few days. According to ZDNet, Google is expected to patch this one just as quickly.
If you're keeping score at home, that's two flaws in Google Chrome found within a month. The beta status of the browser is reassuring, indicating Chrome is a work in progress. Then again, Gmail was in beta for years. Data shows, though, that after much hype at the debut, many of those testing Chrome have returned to their previous browsers.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.