Security firm spots Chrome 'SaveAs' flaw

Bach Khoa Internet Security of Vietnam reports that the new Google browser is susceptible to a critical buffer-overflow flaw.

Chrome beta logo

It's been only a few days since Google released its Chrome browser, and security researchers are still digging into the software in search of the first few flaws.

A company in Vietnam has turned up the latest vulnerability in Chrome, according to a story posted to Information Week's Web site. Bach Khoa Internet Security says that the Chrome release is susceptible to a critical buffer-overflow flaw, which could allow a remote attacker to take control of a PC. BKIS says it has reported the vulnerability to Google.

Here's how BKIS describes the vulnerability and how it could be exploited:

The vulnerability is caused due to a boundary error when handling the "SaveAs" function. On saving a malicious page with an overly long title (title tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems.

To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system.

Earlier this week, security researcher Rishi Narang reported a flaw related to how Chrome, still in beta, behaves with undefined handlers, while another researcher, Aviv Raff, developed a proof-of-concept demo that showed Chrome could be hit with a carpet-bombing flaw.

Click here for full coverage of the Google Chrome launch.

Featured Video

Why do so many of us still buy cars with off-road abilities?

Cities are full of cars like the Subaru XV that can drive off-road but will never see any challenging terrain. What drives us to buy cars with these abilities when we don't really need them most of the time?

by Drew Stearne