Google Chrome security flaw discovered

News

Google Chrome security flaw discovered

Warwick Ashford

Google has downplayed reports of a security vulnerability in its newly-launched Chrome web browser.

Within a day of Chrome's launch, security researchers reported that Chrome had the same auto-download flaw as Apple's Safari web browser.

They said Chrome was developed using the same open-source WebKit rendering engine, and also allowed files to be downloaded automatically to the desktop.

Safari originally did not ask users' permission to download files, which meant malicious code could be dumped on desktops in so-called carpet bomb attacks.

A Google spokesman said this was not the case with Chrome, which was designed to avoid this problem by downloading files to a special download folder by default.

He said some Windows Vista users had found Chrome was downloading files to the desktop, but this was only if the pre-existing browser had been set up that way.

In most cases this would not be an issue and can be fixed easily by changing the preference imported from Vista, he said.

Users can change setting to download files to the recommended default download folder or to prompt users to specify where to save each file before downloading.

Google said in a statement that even where Chrome imported Vista preferences, the operating system's own security mechanisms would help mitigate the risk.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy