• Welcome to Valhalla Legends Archive.
 

Google Chrome

Started by Invert, September 04, 2008, 02:18 AM

Invert

I like it! Oh, and it's really fast.


c0ol

That's hardly damning, every suggest-bar on the internet behaves similarly to this.  Also the link provided requires you to click on said download to execute it, how is this new?

iago

Quote from: c0ol on September 04, 2008, 09:40 AM
That's hardly damning, every suggest-bar on the internet behaves similarly to this.  Also the link provided requires you to click on said download to execute it, how is this new?
It isn't new, Apple's Safari had the exact same problem a couple months ago. If you read about Safari's "Carpet Bombing" attack, you'll see that there were a number of ways to leverage it.

For example, if you send them a file called desktop.ini, it's possible to leverage another vulnerability to run the program (which has been done before). Additionally, you can use it to make attacks against other applications that read local files (AV scanners come to mind, there have been a lot of vulnerabilities in those lately). Also, if you name it similar to an installation file (maybe setup.exe or firefox-3.1.exe, for example), when the user downloads the real one, they might click on the wrong one.

Also, it's fairly easy to trick a user into running the file, simply because of how the browser displays it. All it takes is a single click in a place known to the attacker, and the file is executed unprompted: screenshot. And, because it's a .jar file, Windows won't alert you that it came from an untrusted zone.

So yeah, it's not new, but it is an important vulnerability.
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
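
Added example, not part of the original thread: a small audit of a download folder for the file names and types iago's post calls out (desktop.ini, installer look-alikes, .jar), reporting whether each one carries the Windows zone mark (the NTFS `Zone.Identifier` stream, where `ZoneId=3` means Internet). The function names and the `RISKY_*` sets are assumptions chosen for illustration.

```python
import configparser
import os
import sys

# Names and types taken from the post above; extend to suit (assumption).
RISKY_NAMES = {"desktop.ini"}
RISKY_EXTS = {".jar", ".exe"}
ZONES = {0: "local machine", 1: "intranet", 2: "trusted",
         3: "internet", 4: "restricted"}

def parse_zone(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if unusable."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_zone_stream(path):
    """Read the alternate data stream; None when absent or not on NTFS."""
    try:
        with open(path + ":Zone.Identifier", "r", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def audit(paths, reader=read_zone_stream):
    """Return (path, verdict) for each file whose name or type is risky."""
    findings = []
    for path in paths:
        name = os.path.basename(path).lower()
        ext = os.path.splitext(name)[1]
        if name not in RISKY_NAMES and ext not in RISKY_EXTS:
            continue
        text = reader(path)
        zone = parse_zone(text) if text is not None else None
        if zone is None:
            verdict = "no zone mark"  # nothing for Windows to warn about
        else:
            verdict = ZONES.get(zone, "unknown zone %d" % zone)
        findings.append((path, verdict))
    return findings

if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    files = [os.path.join(folder, f) for f in os.listdir(folder)]
    for path, verdict in audit(files):
        print(f"{verdict:15} {path}")
```

Files reported as "no zone mark" are the ones to look at first, since nothing records that they came from the network.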


brew

Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.
<3 Zorm
Quote
[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

c0ol

Quote from: brew on September 04, 2008, 10:35 AM
Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.
http://www.mattcutts.com/blog/google-chrome-license-agreement/

iago

Quote from: c0ol on September 04, 2008, 10:51 AM
Quote from: brew on September 04, 2008, 10:35 AM
Sucky interface, wrong reasons for the process-per-tab scheme, *really* bad ToU, they try too hard to be revolutionary.
Bottom line: It's one more thing I'll never, ever run.
http://www.mattcutts.com/blog/google-chrome-license-agreement/

Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?


c0ol

Quote from: iago on September 04, 2008, 11:46 AM
Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?

I haven't fully read the EULA but I am pretty sure it's par for the course to have a "This document is subject to change" kind of clause in there somewhere.

iago

Quote from: c0ol on September 04, 2008, 01:35 PM
Quote from: iago on September 04, 2008, 11:46 AM
Hmm, they said, "This change will apply retroactively to all users who have downloaded Google Chrome" -- is that even allowed?

I haven't fully read the EULA but I am pretty sure it's par for the course to have a "This document is subject to change" kind of clause in there somewhere.

Yeah, but those aren't allowed either. :P


Spht

Been using it exclusively since it was released.  I like it.

Sixen

I like it a lot, I just wish they added a Plugin System... Unless I'm missing something?
Blizzard Tech Support/Op W@R - FallenArms
The Chat Gem Lives!
http://www.diablofans.com
http://www.sixen.org

AcidAngel

They really need to fix the 'carpet bombing' problem, I was in their IRC room last night and the dev who was around didn't seem to think that it was even that important for updating, which was kinda lolwut. They also seem like they haven't planned a good long term strategy from what the devs were talking about regarding installation in a multiple user environment. I'll admit the browser is nice though, once it's got a decent plugin system (i.e. adblock support, which is what everyone and their mother wants) it will probably replace Firefox in my day to day.

iago

Quote from: AcidAngel on September 05, 2008, 02:39 AM
once it's got a decent plugin system (i.e. adblock support, which is what everyone and their mother wants) it will probably replace Firefox in my day to day.
I suspect that the whole reason they released that browser is because they're losing so much revenue to Adblock. I highly doubt they'll allow it. :)


brew

But it IS open source. Who's to say somebody won't start a splinter project and give the people what they want? Then I'm sure Google would get their ass in gear :p
They're too used to shitting out absolutely anything they'd like and having the people instantly love it because it's *Google*

MyndFyre

Quote from: brew on September 05, 2008, 10:57 AM
But it IS open source. Who's to say somebody won't start a splinter project and give the people what they want?
"Platinum" - Chrome + AdBlock
Quote
Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.