Jump to content

Google acknowledge common vulnerability for Chrome


nsane.forums

Recommended Posts

nsane.forums

Although remaining un-cracked at the last Pwn2Own, Google now says Chrome shared the same vulnerability as other browsers at the time.

Google says this was not revealed then because, although Chrome's developers had actually mentioned the bug on the Google bug database the very day the competition took place they decided to backtrack and keep quiet about the problem out of consideration for the Apple Safari developers.

The vulnerability itself was in WebKit, the open source rendering engine which is used both by Chrome and Safari. Larson says the problem is with WebKit's handling of SVGList objects and an exploit would require tricking the user into visiting a malicious web site. However the reason that Chrome proved more resilient during the contest was that it employs "sandbox" security to block system access. A successful exploit of the WebKit vulnerability would only allow an attacker to run code within the limits of the sandbox. Internet Explorer 7 & 8 running under Vista or the upcoming Windows 7 also utilize a sandbox defense.

view.gif View: Original Article

Link to comment
Share on other sites


  • Views 923
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...