Google has downplayed reports of a security vulnerability in its
newly-launched
Chrome web browser.
Within a day of Chrome's launch, security researchers reported
that Chrome had the same auto-download flaw as
Apple's Safari web browser.
They said Chrome was developed using the same open-source WebKit
rendering engine, and also allowed files to be downloaded
automatically to the desktop.
Safari originally did not ask users' permission to download
files, which meant malicious code could be dumped on desktops in
so-called carpet bomb attacks.
A Google spokesman said this was not the case with Chrome, which
was designed to avoid this problem by downloading files to a
special download folder by default.
He said some Windows Vista users had found Chrome was
downloading files to the desktop, but this was only if the
pre-existing browser had been set up that way.
In most cases this would not be an issue and can be fixed easily
by changing the preference imported from Vista, he said.
Users can change setting to download files to the recommended
default download folder or to prompt users to specify where to save
each file before downloading.
Google said in a statement that even where Chrome imported Vista
preferences, the operating system's own security mechanisms would
help mitigate the risk.