Google Chrome

Invert · September 04, 2008, 02:18 AM

I like it! Oh, and it's really fast.

DeTaiLs · September 04, 2008, 03:01 AM

http://news.cnet.com/8301-13860_3-10031661-56.html
http://blogs.zdnet.com/security/?p=1843
enough said

c0ol · September 04, 2008, 09:40 AM

Thats hardly damning, every suggest-bar on the internet behaves similarly to this. Also the link provided requires you to click on said download to execute it, how is this new?

iago · September 04, 2008, 10:20 AM

Quote from: c0ol on September 04, 2008, 09:40 AM
Thats hardly damning, every suggest-bar on the internet behaves similarly to this. Also the link provided requires you to click on said download to execute it, how is this new?

It isn't new, Apple's Safari had the exact same problem a couple months ago. If you read about Safari's "Carpet Bombing" attack, you'll see that there were a number of ways to leverage it.

For example, if you send them a file called desktop.ini, it's possible to leverage another vulnerability to run the program (which has been done before). Additionally, you can use it to make attacks against other applications that read local files (AV scanners come to mind, there have been a lot of vulnerabilities in those lately). Also, if you name it similar to an installation file (maybe setup.exe or firefox-3.1.exe, for example), when the user downloads the real one, they might click on the wrong one.

Also, it's fairly easy to trick a user into running the file, simply because of how the browser displays it. All it takes is a single click in a place known to the attacker, and the file is executed unprompted: screenshot. And, because it's a .jar file, Windows won't alert you that it came from an untrusted zone.

So yeah, it's not new, but it is an important vulnerability.

brew · September 04, 2008, 10:35 AM

Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.

c0ol · September 04, 2008, 10:51 AM

Quote from: brew on September 04, 2008, 10:35 AM
Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.

http://www.mattcutts.com/blog/google-chrome-license-agreement/

iago · September 04, 2008, 11:46 AM

Quote from: c0ol on September 04, 2008, 10:51 AM
Quote from: brew on September 04, 2008, 10:35 AM
Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.
http://www.mattcutts.com/blog/google-chrome-license-agreement/

Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?

c0ol · September 04, 2008, 01:35 PM

Quote from: iago on September 04, 2008, 11:46 AM
Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?

I haven't fully read the EULA but I am pretty sure its par for the course to have a "This document is subject to change" kind of clause in there somewhere.

iago · September 04, 2008, 02:54 PM

Quote from: c0ol on September 04, 2008, 01:35 PM
Quote from: iago on September 04, 2008, 11:46 AM
Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?

I haven't fully read the EULA but I am pretty sure its par for the course to have a "This document is subject to change" kind of clause in there somewhere.

Yeah, but those aren't allowed either.

Spht · September 04, 2008, 07:31 PM

Been using it exclusively since it was released. i like it

Sixen · September 04, 2008, 11:53 PM

I like it a lot, I just wish they added a Plugin System... Unless i'm missing something?

AcidAngel · September 05, 2008, 02:39 AM

they really need to fix the 'carpet bombing' problem, I was in their irc room last night and the dev who was around didn't seem to think that it was even that important for updating, which was kinda lolwut. They also seem like they haven't planned a good long term strategy from what the devs were talking about regarding installation in a multiple user environment. I'll admit the browser is nice though, once its got a decent plugin system (ie. adblock support, which is what everyone and their mother wants) it will probably replace firefox in my day to day

iago · September 05, 2008, 07:28 AM

Quote from: AcidAngel on September 05, 2008, 02:39 AM
once its got a decent plugin system (ie. adblock support, which is what everyone and their mother wants) it will probably replace firefox in my day to day

I suspect that the whole reason the released that browser is because they're losing so much revenue to Adblock. I highly doubt they'll allow it.

brew · September 05, 2008, 10:57 AM

But it IS open source. Who's to say somebody won't start a splinter project and give the people what they want? Then I'm sure google would get their ass in gear :p
They're too used of shitting out absolutely anything they'd like and having the people instantly love it because it's *google*

MyndFyre · September 05, 2008, 12:29 PM

Quote from: brew on September 05, 2008, 10:57 AM
But it IS open source. Who's to say somebody won't start a splinter project and give the people what they want?

"Platinum" - Chrome + AdBlock