Workaround for Google Chrome Automatic file download vulnerabilityCarpet Bombing

    • Sep
    • 18
    • 2008

    Workaround for Google Chrome Automatic file download vulnerability

    Posted by Avice.

    Filed under Google Chrome.

    3 months, 3 weeks ago

    google chrome carpet bombing-download vulnerabilityJust after recent controversial privacy issue with Google Chrome browser there is old Webkit vulnerability haunting this new slick Google browser. There no official patch from the Chromium developer yet but it seem like bugs inheritance is something you should be aware of. Because Google Chrome browser is partially a Safari 3.1 with different architecture without JavascriptCore (script parse with Google open source javascript V8 Engine).

    Current Chrome (beta) is based on WebKit 525.13 (Safari 3.1) rendering engine and introduces many of features inspired/taken from different modern browser (including some vulnerabilities). Theoretically any previous vulnerability in AppleWebkit/Safari 3.1 is shared by Chrome users.

    Google Chrome WebKit 525.13 / Safari 3.1

    Workaround for Google Chrome Carpet Bombing vulnerability

    As expected from previous Safari ticket on this vulnerabilty, both Safari & Chrome developer label this as non vulnerability threat so there no fixes/patch (aka WontFix) for this particular issue. Blame it on interface design.Automatic file download without confirmation possible

    The below guide is simple workaround for Chrome Carpet Bombing vulnerability (#897 : Automatic file download without confirmation possible) . Basically just disabled the auto save file to desktop by default.

    1. Click on the “Tools wrench icon” google-chrome-toolsmenuand select Options.
    2. On the Options windows select the “Minor Tweaks” tab.
    3. Then checked the “Ask where to save each file before downloading” check box.
    4. Close the options windows. end

    Chromium team should enabled the above options by default. That would prevent malicious attack. It’s not very exciting to see all of this happening within short time periods.

    Related External Links

    About the Author
     

    Avice appreciates modern web development and feels strongly there is a right way and wrong way of doing it. She promotes a beautiful web while still advocating access to all users keeping web usability in the forefront of her mind.. 

    Tags:
    • September 18, 2008 at 6:26 am
    • September 20, 2008 at 5:33 pm
    • url

3 Responsesto “Workaround for Google Chrome Automatic file download vulnerability”

    • ck's photo
    • RE:Workaround for Google Chrome Automatic file download vulnerability
      3 months, 2 weeks ago on at 3:49 am3url · microId

      Yes exactly, especially at You Tube or while using any FLV players. Chrome doesn’t handle flash very well. It usually stuck when you try dragging the fast-forward scroller.

      They are making Chrome beta as bug hunting fest. Just hope it wont be beta “like forever” (gmail). I would wait until chromium guys release version 1 or till they get their hands on add-ons & extensions.

      [Reply]
      (cc) 2008 - 2009 ck · permalink
    • stalker's photo Kaizeku Ban
    • Workaround for Google Chrome Automatic file download vulnerability - 'Comment Guidlines' ↓
      3 months, 3 weeks ago on Thursday, September 18th, 2008 at 6:26 am 5 url

      If you want to comment, please read the following guidelines. These are designed to protect you and other users of the site.

      1. Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. Keep your comments constructive and polite.
      2. No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. You are allowed to post a link as long as it's relevant to the entry.
      3. Keep within the law: Do not link to offensive or illegal content websites. Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation.
      4. Privacy: Do not post any personal information relating to yourself or anyone else (i.e., address, place of employment, telephone or mobile number or email address).

      In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines. Feel free to engage, ask questions, and tell us what you are thinking! insightful comments are most welcomed.

Subscribe to this discussion via RSS

"write as if you were talking to a good friend (in front of your mother)."

.haveyoursay

Disclaimer: For any content that you post, you hereby grant to Kaizeku Ban the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved.

Wp-iStalker WordPress ThemestopCopyright © 2007 - 2009 Kaizeku Ban.