Results 1 to 4 of 4

Thread: Chrome has a serious security flaw

  1. #1
    #DeSantis2024 Teh One Who Knocks's Avatar
    Join Date
    Jan 2011
    Location
    5280' Above Sea Level
    Posts
    256,044
    vCash
    10966
    Mentioned
    20 Post(s)
    Thanks
    23,810
    Thanked 113,085 Times in 59,902 Posts

    Warning Chrome has a serious security flaw

    The Kim Komando Show




    Since Google launched the Chrome browser in 2008, it's built a reputation for speed and security not found in other browsers. While the gap has narrowed in both those areas thanks to improvements in Firefox, and Microsoft creating the new Edge browser for Windows 10, Chrome still has the edge in hacking contests.

    That's one reason hundreds of millions around the world have it installed on their computers and mobile gadgets. Unfortunately, a newly discovered security flaw might put that reputation in jeopardy.

    A Chinese researcher, Guang Gong, discovered the flaw after three months of work, and built a proof-of-concept he demonstrated at the recent PacSec conference. Using a simple game app with a bit of extra code in it, he forced the phone to call out to a special server and load up a webpage in Chrome containing malicious code.

    When the Chrome browser visited the webpage, a flaw in the JavaScript system let the page download another app that took over the Android gadget completely. That's scary, but it gets worse.

    Usually, attacks that lead to a full takeover of an operating system require multiple flaws, a number of steps and some user input to work. This attack does it in one go, which means as soon as the user installs a modified app, or visits a malicious page, it's over.

    The way Gong's attack works, any app could have the code calling out to a special server with a malicious page. Apps do that all the time for ads and other uses, so it wouldn't trigger any alarms in the Google Play store. That means slipping a malicious app through Google's screening just got easier.

    It isn't just Chrome, though. Other researchers are now worried that any third-party app that includes Google's version of JavaScript will also be vulnerable.

    Of course, the same flaw exists in the desktop version of Chrome, meaning hackers might adapt it to launch attacks against PCs and Macs. Gong says he informed Google of the flaw in August, but so far there hasn't been a fix released.

    Fortunately, Gong hasn't released the details on the flaw, so no hackers should have it yet. Considering it took him three months to find, it will probably be a little while before anyone else figures it out.

    Still, you don't want to rely completely on that to stay safe. Here are some things you can do.

    • Switch your mobile browser to Firefox on Android and Apple, or go back to Safari on Apple.
    • Be careful when clicking on links you get in email or text messages. Only click if you know where it's going and you trust the person who sent it.
    • Get a security app that warns you about phishing links and malicious app downloads.

  2. #2
    Shelter Dweller PorkChopSandwiches's Avatar
    Join Date
    Jan 2011
    Posts
    77,135
    vCash
    5000
    Mentioned
    15 Post(s)
    Thanks
    47,197
    Thanked 29,254 Times in 16,488 Posts
    What is this? A Firefox ad






  3. #3
    Take Box B DemonGeminiX's Avatar
    Join Date
    Jan 2011
    Location
    Bum Fuck Egypt, East Jabip
    Posts
    64,804
    vCash
    27021
    Mentioned
    25 Post(s)
    Thanks
    45,041
    Thanked 16,892 Times in 11,967 Posts




    Warning: The posts of this forum member may contain trigger language which may be considered offensive to some.

    Music was better when ugly people were allowed to make it.

  4. #4
    Shelter Dweller PorkChopSandwiches's Avatar
    Join Date
    Jan 2011
    Posts
    77,135
    vCash
    5000
    Mentioned
    15 Post(s)
    Thanks
    47,197
    Thanked 29,254 Times in 16,488 Posts






Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •