Google Chrome Vulnerabilities

September 4, 2008

On September 2nd 2008 Google released Chrome, an open source web browser. Chrome uses tabs as the primary component of its user interface. It uses the (open source) WebKit rendering engine, chosen on advice from the Android team.

One of Chrome's design goals is improved security. This is achieved by:
1. Each tab in Chrome is sandboxed in its own process.
2. Plugins run in separate processes that communicate with the renderer.
3. Chrome periodically downloads updated phishing and malware blacklists.

Just hours after the release, a few vulnerabilities in Google Chrome were discovered. One is that Chrome allows files (e.g., executables) to be downloaded automatically to the user's computer without any user prompt. Another is a denial-of-service vulnerability: Chrome crashes when it loads a web page that contains an undefined handler followed by a special character.

SonicWALL has tested and confirmed these vulnerabilities on Google Chrome version, Build 1583. Two signatures were released on September 3rd to detect and block attacks targeting these vulnerabilities. The signatures are:

  • (3458) WEB-CLIENT Google Chrome Automatic File Download PoC
  • (3459) WEB-CLIENT Google Chrome Undefined Handler DoS PoC