Security flaws hit Google’s Chrome
The web giant's browser isn't so shiny, say researchers, as Google changes the controversial user license.


Security researchers have been quick to find flaws in Chrome, Google's shiny foray into the browser market.
Google launched the browser this week, to the surprise and delight of many, but security researcher Affiv Raff posted yesterday on his site a proof of concept for an exploit in the browser, which takes advantage of code borrowed from an old version of Apple's Safari. The flaw leaves the Google browser open to carpet bombing attacks, the researcher said.
According to Raff, Chrome is based on WebKit 525.13, which is essentially Safari 3.1, and features the same flaw that Apple has since patched in its browser. That flaw, paired with a Java bug, could be used to execute code in Chrome.
Raff wrote: "I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it's very problematic. They'll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time."
Raff added: "Chrome seems to be a very nice and slick browser, but it is far from being secured as it is advertised by Google. It borrows several insecure features from other browsers, and it has its own security design flaws."
Another flaw was discovered by researcher Rishi Narang, which he said can lead to the browser crashing without any user interaction.
He wrote on his site: "When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window Whoa! Google Chrome has crashed. Restart now?'."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Another criticism of the Chrome browser has been the user licence, section 11 of the agreement which pops up when users download the software.
At launch, it creepily read: "By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."
After a bit of controversy, Google has now changed it to: "You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services."
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Spanish spyware outfit uncovered, develops exploits for Windows, Chrome, and Firefox
News Google was only able to discover the company after an anonymous submission was made to its Chrome bug reporting programme
By Zach Marzouk Published
-
Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT admins
News New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customers
By Connor Jones Published
-
Google patches second Chrome browser zero-day of 2022
News Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
By Connor Jones Published
-
Acer Chromebook Spin 513 review: Cheap and mostly cheerful
Reviews An affordable Chromebook convertible with good looks but mediocre performance
By Mike Jennings Published
-
Google says Chrome is now faster than Safari on Apple Silicon
News According to Apple's own benchmarks, Chrome 99 scored the highest out of any browser ever tested
By Connor Jones Published
-
Google Chrome update fixes zero-day under active exploitation
News Google releases a fresh wave of patches for severe vulnerabilities that could facilitate code execution and system takeover via Google Chrome
By Connor Jones Published
-
Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the market
Reviews A sleek, expensive Chromebook that tries to bring professional style to Google’s OS
By Mike Jennings Published
-
Chromebook shipments plunge due to 'shift in demand'
News Sales of Chrome OS devices fell 29.8% in the third quarter of 2021 to 6.5 million units, according to IDC
By Danny Bradbury Published