Language Selection

English French German Italian Portuguese Spanish

Google Chrome Browser Exhibits Risky Behavior

Filed under
Software

Google (NSDQ: GOOG)'s Chrome browser may have been designed with security in mind, but that hasn't immunized it from security concerns.

Robert "RSnake" Hansen, CEO of SecTheory, a computer security consulting firm, has identified a vulnerability in Chrome that allows JavaScript code to execute when a user views the source code of a Web page using the view-source: directive.

Hansen's blog post about the vulnerability includes a proof-of-concept Web link that, for Chrome users, triggers the flaw and uses JavaScript to present a dialog box that says, "If you can see this, use another browser...seriously."

While any link can trigger JavaScript in this way, this particular issue could provide a building block for a social engineering attack against a Web developer.

Google is planning to fix the issue shortly. "We believe this behavior does not introduce any particular risk for the vast majority of users who do not use view-source: to browse Web pages," said a company spokesperson in an e-mailed statement. "We're working to more accurately align the view-source: page with expected behavior."

rest here




More in Tux Machines

IsoHunt releases roll-your-own Pirate Bay

Open Source Meritocracy Is More Than a Joke

In January 2014, Github removed the rug in its office's waiting room in response to criticism of its slogan, "United Meritocracy of Github." Since then, the criticism of the idea of meritocracy has spread in free software circles. "Meritocracy is a joke," has become a slogan seen on T-shirts and constantly proclaimed, especially by feminists. Such commentary is true — so far as it goes, but it ignores the potential benefits of meritocracy as an ethos. Anyone who bothers to look can see that meritocracy is more of an ideal than a standard practice in free software. The idea that people should be valued for their contributions may seem to be a way to promote fairness, but the practice is frequently more complicated. Read more Also: Unmanagement and unleadership

Linux Kernel Developers Consider Live Kernel Patching Solution

kPatch and kGraph may soon enable live kernel updates on all Linux distributions, making it possible to apply security and other patches on the open source operating system without rebooting. Read more

A real-time editing tool for Wikipedia

Wikipedia is one of the most frequently visited websites in the world. The vast online encyclopedia, editable by anyone, has become the go-to source for general information on any subject. However, the "crowdsourcing" used by Wikipedia opens their doors to spin and whitewashing–edits that may be less than factual in nature. To help journalists, citizens, and activists track these edits, TWG (The Working Group) partnered with Metro News and the Center for Investigative Reporting to build WikiWash. Read more