Sean Michael Kerner Blog
Google Chrome was at risk from PWN2OWN flaw

From the 'so you think you're secure...' files:

Last month security researcher 'Nils' hacked IE, Safari and Firefox with zero-day flaws -- Google's Chrome was conspicuously absent. Microsoft, Firefox and Apple have now fixed their flaws, and guess what? It turns out that Chrome was at risk too.

Google revealed late Wednesday that its Chrome stable 1.0.154.65 (released on May 7th) was in fact at risk from the same flaw that took down Safari at PWN2OWN.

"Disclosing that this release contains the fix for CVE-2009-0945, an issue in WebKit code that also affects Apple's Safari web browser," Mark Larson, Google Chrome Program Manager, wrote in an advisory. "We did not want to disclose this until Apple's fix for Safari users was released."

Apple updated Safari version 3.x and 4.x yesterday for the WebKit flaw originally discovered by Nils at PWN2OWN.

What's really interesting to note here is that it is a flaw in WebKit that was exploited. Since both Safari and Chrome use WebKit, both were at risk. This could mean that an attacker who finds a critical flaw in WebKit could potentially take down two browsers at a time.

The practical reality, though, is that Chrome and Safari can differ in which version of WebKit they use. As well, the fact that both browsers use WebKit means even more developers are looking at the code, which could mean fewer flaws and faster fixes (or not).

2 Comments
There is an interesting mythology about competing browsers that parallels competing OSes. The "my platform is safer than your platform" argument never seems to abate.
In actuality, the relative safety over time seems to almost perfectly mirror the evolution of living organisms. Whichever one becomes most prevalent then becomes the target of virus writers. If users of Safari or Chrome succeed in winning over a large market share, they too will suffer the consequences of increased attention of the dark side.
It should be noted that Safari will be less likely to be updated than Chrome, because of the difference between Safari's update mechanism and Chrome's silent updater.
So as flaws are found, most Chrome users will be protected by patches, most without the knowledge that a patch has taken place.
Of course this still doesn't protect against severe zero-day exploits.