NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA Listmaster
NRT-0630 Chrome address flaw enables Web site spoofing:
A newly discovered vulnerability in Google's Chrome
browser allows attackers to impersonate Web sites of groups like the Better
Business Bureau, PayPal, and Google, according to an online technology journal
article. Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing
says the spoofing vulnerability is the result of faulty code inserted by
programmers. "I don't see Apple Safari vulnerable in the same
way," he writes in an e-mail to The Register. "They share the
same engine (webkit)." According to the article, Liu's proof of concept
demonstrates that it is possible to send Chrome users to a page under his
control while causing the browser's address bar to display the domain name
bbb.org. A Google representative says Chrome's spoofing vulnerability is a
"known issue" that will be fixed in an update and pushed to end users
soon.
(www.theregister.co.uk, 26OCT08)