Google Chrome security flaw discovered

Google has downplayed reports of a security vulnerability in its newly-launched Chrome...

Google has downplayed reports of a security vulnerability in its newly-launched Chrome web browser.

Within a day of Chrome's launch, security researchers reported that Chrome had the same auto-download flaw as Apple's Safari web browser.

They said Chrome was developed using the same open-source WebKit rendering engine, and also allowed files to be downloaded automatically to the desktop.

Safari originally did not ask users' permission to download files, which meant malicious code could be dumped on desktops in so-called carpet bomb attacks.

A Google spokesman said this was not the case with Chrome, which was designed to avoid this problem by downloading files to a special download folder by default.

He said some Windows Vista users had found Chrome was downloading files to the desktop, but this was only if the pre-existing browser had been set up that way.

In most cases this would not be an issue and can be fixed easily by changing the preference imported from Vista, he said.

Users can change setting to download files to the recommended default download folder or to prompt users to specify where to save each file before downloading.

Google said in a statement that even where Chrome imported Vista preferences, the operating system's own security mechanisms would help mitigate the risk.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.