Chrome’s ‘Save As’ Flaw Could Give Attackers Control

September 9th, 2008

Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google’s Chrome browser.”This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system,” the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the “Save As” flaw is the only one that can allow an attacker to launch remote attacks from a victim’s PC. Other vulnerabilities just crash the browser.

The vulnerability is caused by a boundary error when handling the “Save As” function. When a user saves a malicious page with a title tag in the HTML code, the program causes a stack-based overflow, according to Bach Khoa. A hacker could construct a specially crafted Web page that contains malicious code, trick a user into visiting that Web site, and convince the user to save the page. That will execute the code and give the attacker privileges to remotely use the infected system.

A Google spokesperson said, “”We have released a fix to address this vulnerability. Users will get this fix through an automated update to the browser, so they will not have to take any action to be protected.”

Click here to read the rest of this story on NewsFactor.

Entry Filed under: Hot off the Press