Apple Safari Carpet Bomb Flaw Hits Google Chrome Browser
September 3, 2008
Security researcher Avivi Raff has discovered a carpet-bombing vulnerability that could expose Windows users of Google Chrome browser to serious security attacks. This is the same vulnerability that was originally discovered in Apple’s Safari browser by another well-known researcher - Nitesh Dhanjani - four months ago.
Dhanjani’s discovery of Safari’s carpet-bombing flaw prompted Microsoft to issue a Microsoft Security Advisory (953818) in May urging Windows users to drop Apple’s browser.
It is unclear whether Microsoft will do the same for Windows users of Chrome browser. Apple patched the flaw with Safari v3.1.2 in June. According to security evangelist at Kaspersky Lab, Ryan Naraine, hackers could exploit carpet-bombing flaw and combine two vulnerabilities “…a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executable direct from the new browser.”
It is important to remember that Chrome is still in beta stage, and new bugs and security vulnerabilities are likely to be discovered and reported in the coming days or weeks. However, Chrome users should not be overly worried about these types of ‘beta’ problems. If you stay away from suspicious and dirty web sites, then your chances of being attacked by pop-up downloads, dialers or nasty viruses are very low. Google is expected to issue carpet-bombing patch shortly.
I am really blessed to have come across this bit of information.
http://www.safaribrowserwindows.com
manash, according to your link, quote: “… the overall relationship between browser performance is maintained for the initial web page load, with the Safari 3.0 beta the fastest, followed by IE7 close behind, and Firefox 2 the slowest.” Dude, IE is much slower than Chrome, and Safari is just a little bit faster than EI. They can’t compete with Chrome.