Google Chrome Vulnerabilities (Sep 4, 2008)

On September 2nd, 2008, Google released Chrome, an open source web browser. Chrome uses tabs as the primary component of its user interface. It uses the (open source) WebKit rendering engine on advice from the Android team.

One of Chrome’s design goals is improving security. This is achieved in the following ways:
1. Each tab in Chrome is sandboxed into its own process.
2. Plugins are run in separate processes that communicate with the renderer.
3. Chrome periodically downloads updates of phishing and malware blacklists.

Just hours after the release, a few vulnerabilities in Google Chrome were discovered. One is that Chrome allows files (e.g., executables) to be automatically downloaded to the user’s computer without any user prompt. Another is a denial-of-service vulnerability; Chrome will crash when it loads a web page which has an undefined handler followed by a special character.

SonicWALL has tested and confirmed these vulnerabilities on Google Chrome version 0.2.149.27, Build 1583. Two signatures were released on September 3rd to detect and block attacks targeting these vulnerabilities. The signatures are:

  • (3458) WEB-CLIENT Google Chrome Automatic File Download PoC
  • (3459) WEB-CLIENT Google Chrome Undefined Handler DoS PoC