Language Selection

English French German Italian Portuguese Spanish

Google Chrome Browser Exhibits Risky Behavior

Filed under
Software

Google (NSDQ: GOOG)'s Chrome browser may have been designed with security in mind, but that hasn't immunized it from security concerns.

Robert "RSnake" Hansen, CEO of SecTheory, a computer security consulting firm, has identified a vulnerability in Chrome that allows JavaScript code to execute when a user views the source code of a Web page using the view-source: directive.

Hansen's blog post about the vulnerability includes a proof-of-concept Web link that, for Chrome users, triggers the flaw and uses JavaScript to present a dialog box that says, "If you can see this, use another browser...seriously."

While any link can trigger JavaScript in this way, this particular issue could provide a building block for a social engineering attack against a Web developer.

Google is planning to fix the issue shortly. "We believe this behavior does not introduce any particular risk for the vast majority of users who do not use view-source: to browse Web pages," said a company spokesperson in an e-mailed statement. "We're working to more accurately align the view-source: page with expected behavior."

rest here




More in Tux Machines

Wayland in Fedora 23 Linux Allows for Use of Multiple Monitors with Different DPIs

Fedora Project, through Christian Schaller, was proud to report on the progress made for the next-generation Wayland display server that it might be used by default on the upcoming major release of the Fedora Linux operating system, Fedora 23. Read more

GNOME Developers Discuss Codenames, GNOME 3.18 Might be Dubbed "Gothenburg"

Allan Day, a GNOME UX designer working for Red Hat and renowned GNOME developer/contributor, opened an interesting discussion on the official GNOME mailing list, about possible codenames for upcoming releases of the acclaimed desktop environment for GNU/Linux operating systems. Read more

Developer lowers Drupal's barrier to entry

From a consumer perspective, I'd like open source to be ubiquitous to the point of invisibility. Using recent Ubuntu distros, I'm always shocked at how professional the environment feels. Just five years ago, you'd need to hunt down drivers and do a bunch of fiddling to get basic things like a sound card working. Now there are so many pushbutton ways to deploy open source tech, from OSes to CMS distros on Pantheon to buying an Android-powered mobile phone. We're not quite to the point where CMS users can feel like open source is transparent; there's still a huge investment in vendors to give you the expertise to manage your Drupal or WordPress site, for example. But we're closer than we were a decade ago, and that's pretty exciting. Read more

Intel invests $60 million in drone venture

Intel is investing $60 million in UAV firm Yuneec, whose prosumer “Typhoon” drones use Android-based controllers. Intel Corp. CEO Brian Krzanich and Yuneec International CEO Tian Yu took to YouTube to announce an Intel investment of more than $60 million in the Hong Kong based company to help develop drone technology. No more details were provided except for Krzanich’s claim that “We’ve got drones on our road map that are going to truly change the world and revolutionize the industry.” One possibility is that Intel plans to equip the drones with its RealSense 3D cameras (see farther below). Read more