PDA

View Full Version : Google Chrome security holes



theGypsy
09-03-2008, 09:19 AM
Just thought I'd pass this along (in regards to Google's new browser)

Google Chrome vulnerable to carpet-bombing flaw | Zero Day | ZDNet.com (http://blogs.zdnet.com/security/?p=1843)

cbscreative
09-03-2008, 12:04 PM
I'm glad I'm not an early adapter of Google's wonderful new browser. Interesting that it was a known issue because they did nothing more than stick their nameplate on a Safari browser that was upgraded because of this problem. I would have expected better from Google, that was quite a blunder.

billbenson
09-03-2008, 06:12 PM
Chrome is getting a lot of bad PR right now from bugs, to features, to being a resource hog.

IE 8 has just been released and it apparently has a number of security features that could effect the ability of a lot of websites to work properly. One is at the surfers digression, not allowing cookies or erasing them when a web page is closed. This could affect things like remembering passwords signing into forums to shopping carts. Lets say you select a bunch of things to buy and put them in your cart. If you sign out and have the security feature enabled it may erase what was in your shopping cart so you have to start over if you come back to buy later.

Employers may not like the security feature either because workers can surf adult or gambling sites and with a click erase all history. It's more difficult for employers to monitor computer abuse.

Here's a quote from the link below which is also a good read.


Flash is a tremendous resource hog in Firefox, eating up processor time to the point where there is nothing left for other programs. It does this even if you're not actively doing anything. Merely having a YouTube page open on your screen will suck power from your computer's central processing unit, or CPU. This is outrageous behavior for a browser. It's my CPU and I want it back.

Luckily, there's a small add-on program for Firefox that lets the user prevent Flash files from running automatically when a page loads, and it turns Firefox into a stable, efficient browser.

What does this mean on Chrome? Well, it has the same problem. It lets sites running Flash take over your computer's resources. It doesn't hog the CPU quite as bad as with Firefox, but in a way, it's more serious, because unlike with Firefox, there's no way to stop Flash from running. Chrome's controls are quite bare-bones, perhaps because it's still in "beta."

Review: Google's Chrome needs more polish - CNN.com (http://www.cnn.com/2008/TECH/ptech/09/03/review.chrome.ap/index.html)

Paul Elliott
09-04-2008, 12:53 AM
Thanks for the heads-up.

Paul

orion_joel
09-04-2008, 01:23 AM
Hmmm, i have been more then happy with Firefox, with one small exception (if i have multiple tabs, and browser's open, it uses a lot of ram (eg 2 or 3 windows with 5-10 tabs a piece) maybe i should expect that though). But i figure if it is not broken why try and fix it by using something new and buggy.

vangogh
09-04-2008, 01:30 AM
Thanks Dave and Bill.

I actually downloaded Chrome yesterday and installed it last night to see how it was. I thought it was pretty good. It was definitely faster than other browsers and Google packaged in some nice developer tools. You can see this was written by developers and for developers.

Not surprising that there are security holes and Chrome is still in beta. I think it was version 0.2.something so it's not exactly a mature product yet.

As slow as it gets sometimes I'm not giving up Firefox any time soon. Too many extensions I depend on. And I think if Chrome is going to succeed it's going to need to get the developer community building extensions for it, which I assume it will.

The oddest thing about it for me was not seeing the usual File, Edit, etc menu at the top and no status bar at the bottom. The browser does need more polish, but again and in all fairness it's day two and still part of Google Labs. I can see in a few months and with the addition of some extensions it could take away market share from other browsers.

Ok, now I need to go search for that Firefox plugin that keeps Flash from running. I'm tired of FF hanging all the time.

billbenson
09-04-2008, 02:16 AM
If you try that flash blocker plugin, let us know how it works. My work pc generally doesn't have much on it that is running flash or utube. But I do keep an instance open that has this and other forums open, cnn, stuff I go to for a break. Not to mention yahoo which always has video or flash ads. Kinda makes sense why my computer (circa 2003) has a corinary after 3 days.

I hate reboots. even with sessions it takes me 30 min to get back to where I was in the middle of a week.

vangogh
09-04-2008, 02:41 AM
I wasn't sure which plugin it was. Nice of the article not to mention its name. I think it's called Stop Autoplay (https://addons.mozilla.org/en-US/firefox/addon/1765), but the reviews seem to say it doesn't work with FF3 so I didn't install it.

There's another extension called Flashblock (https://addons.mozilla.org/en-US/firefox/addon/433) that completely blocks all Flash and displays a blank box instead. I don't want to block Flash though. I just want to make FF stop hanging.

I reinstalled FF 3.0.1 and so far it's behaving a little better, but that could change by tomorrow. I also disabled a bunch of extensions I don't really use much.

billbenson
09-04-2008, 02:56 AM
I think I stuck this in another post, but FF 3 is rendering css differently than the prior versions ie some old pages may not work right for layout.

A lot of the plugins seem to lag behind the current version of ff. Like most updates, I suspect it is best to wait to install the current version.

Opposite side of that coin is surfers are going to click on the update to the latest button whether its IE, G, FF, or malware....