Google Chrome Browser Exhibits Risky Behavior

Google's (NSDQ: GOOG) Chrome browser may have been designed with security in mind, but that hasn't immunized it from security concerns.

Robert "RSnake" Hansen, CEO of SecTheory, a computer security consulting firm, has identified a vulnerability in Chrome that allows JavaScript code to execute when a user views the source code of a Web page using the view-source: directive.

Hansen's blog post about the vulnerability includes a proof-of-concept Web link that, for Chrome users, triggers the flaw and uses JavaScript to present a dialog box that says, "If you can see this, use another browser...seriously."

While any link can trigger JavaScript in this way, this particular issue could provide a building block for a social engineering attack against a Web developer.

Google is planning to fix the issue shortly. "We believe this behavior does not introduce any particular risk for the vast majority of users who do not use view-source: to browse Web pages," said a company spokesperson in an e-mailed statement. "We're working to more accurately align the view-source: page with expected behavior."



