A company in Vietnam has turned up the latest vulnerability in Chrome, according to a story posted to Information Week's website.
Bach Khoa Internet Security says the Chrome 0.2.149.27 release is susceptible to a critical buffer-overflow flaw, which could allow a remote attacker to take control of a PC. BKIS says it has reported the vulnerability to Google.
BKIS explained the security flaw: "The vulnerability is caused due to a boundary error when handling the 'SaveAs[ function. On saving a malicious page with an overly long title (title tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems.
The security company described how the flaw could be exploited: "A hacker might construct a specially crafted web page, which contains malicious code. He then tricks users into visiting his website and convinces them to save this page. Right after that, the code would be executed, giving him the privilege to make use of the affected system. "
Read this
Roundup: Countdown to Google Chrome
Google's open-source browser sends a clear challenge to Microsoft...
Earlier this week, security researcher Rishi Narang reported a flaw related to how Chrome, still in beta, behaves with undefined handlers, while another researcher, Aviv Raff, developed a proof-of-concept demo that showed Chrome could be hit with a carpet-bombing flaw.
For full coverage of the Google Chrome launch, see ZDNet.co.uk's roundup.
Talkback
My initial view of Chrome was "'Tis good. But there are a number of small niggling points that can only come to light from users. I will have to find a feedback point for my comments. Most disliked to date is the detailed browsing history that I can't switch off or auto-delete.