Google’s Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.
Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth.
“I don’t see Apple Safari vulnerable in the same way,” he writes in an email to The Register. “They share the same engine (webkit).”
Peter Bright writes:
But before looking at the question of disassembly, it’s worth taking a look at how Chrome is put together and at why its security architecture is interesting.
Continue reading at Ars Technica
“Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.”
Continue reading at ZDNet