Google recently launched its own browser, called Chrome. The browser looks good considering that this is its first beta release, but it has missed some critical security vulnerabilities. The two security vulnerabilities I found in Chrome, with examples, are given below:
- Cross-domain XMLHttpRequest calls
- Carpet-bomb attack
The XMLHttpRequest object is at the core of today's most exciting AJAX web applications, but writing client-side web applications that use this object can be tricky because of the restrictions web browsers impose. Browsers do not allow XMLHttpRequests across domains: a web page on the yahoo.com domain cannot make an XMLHttpRequest to google.com. This restriction exists to ensure security, but the Chrome browser does not seem to adhere to it. Chrome freely allows us to make cross-domain calls. So how can this vulnerability be exploited? Say you are logged in to your Gmail account and then visit a web page created by me. From that page I send an XMLHttpRequest to http://gmail.com/contacts (assume that URL returns the contact list) and post all of those contacts to one of my servers. This is just one example of how the vulnerability could be exploited; an attacker could do many other things, including cookie theft.
Here is an example which loads the Rediff address book if the user is logged in to a Rediff account. Try this link in Chrome: if you are logged in to Rediffmail, clicking "load" will actually load the contents of your Rediffmail address book. This will not work in Firefox or IE.
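The restriction described above is the browser's same-origin policy: an XMLHttpRequest may only read a response when the page's origin and the request's origin match on scheme, host and port. The following is an added example (not code from the original post) that models that check in plain JavaScript; the helper names `originOf`, `isSameOrigin` and `xhrAllowed` and the sample URLs are this example's own constructions.

```javascript
// Minimal model of the same-origin policy a browser applies before letting a
// page's XMLHttpRequest read a response. Two URLs share an origin only when
// scheme, host and port all match. The WHATWG URL class (Node and browsers)
// does the parsing; nothing here is the original post's code.

// Default ports, so "http://a.com" and "http://a.com:80" compare as equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(urlString) {
  const u = new URL(urlString);
  // URL.port is "" when the scheme's default port is in use.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

function isSameOrigin(pageUrl, requestUrl) {
  return originOf(pageUrl) === originOf(requestUrl);
}

// The browser's decision: a same-origin request may be sent and its response
// read; a cross-origin one is blocked, which is what Firefox and IE do and
// what the post says the Chrome beta failed to do.
function xhrAllowed(pageUrl, requestUrl) {
  return isSameOrigin(pageUrl, requestUrl) ? "allowed" : "blocked";
}

// Constructed sample pairs, including the post's yahoo.com -> google.com case.
const SAMPLES = [
  ["http://www.yahoo.com/index.html", "http://www.yahoo.com/api/data"],
  ["http://www.yahoo.com/index.html", "http://google.com/search"],
  ["http://example.com/page", "https://example.com/page"],     // scheme differs
  ["http://example.com/page", "http://example.com:8080/page"], // port differs
  ["http://example.com:80/page", "http://example.com/page"],   // same origin
];

for (const [page, req] of SAMPLES) {
  console.log(`${page} -> ${req}: ${xhrAllowed(page, req)}`);
}
```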
Carpet Bomb Attack:
Traditional browsers like Firefox and IE prompt users before downloading any potentially malicious file. Chrome, however, does not want to bother its users by asking whether they want to download a file. The carpet-bomb vulnerability previously existed in Safari. Here is an example of how simply opening a URL can download a .exe file onto your desktop. Try opening this link in the Chrome browser: it will download a sample .exe file into the default download location.
Microsoft has always been on the receiving end of criticism for building insecure products. Google seems to be no different when it comes to its core products. I hope Google will fix these vulnerabilities soon and release the next version of Chrome.