Google Chrome Download Vulnerability

Forum Moderators: open

Message Too Old, No Replies

Google Chrome Download Vulnerability

allows files to be downloaded without prompting the user

coopster

7:00 pm on Sep 3, 2008 (gmt 0)

US-CERT is aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.

US-CERT encourages users to enable the "Ask where to save each file before downloading" option within the "Minor Tweaks" tab in the browser preferences. Although this does not fix the underlying vulnerability, selecting this option will warn the user before files are downloaded. Users should still exercise caution when visiting and downloading items from untrusted websites.

US-CERT will provide additional information as it becomes available.

The alert is running on the US-CERT Current Activity page [us-cert.gov] right now, but not much else for details.

henry0

9:35 pm on Sep 6, 2008 (gmt 0)

I hate to state it: “Could that be the beginning of a proxy surge?”
I mean not proxy for us, somehow in the IT world, but for the lambda user

On another hand (please, note that I am not kidding)
Isn’t it time to face the sad truth “what else could be known about us?”
Pretty much all of our private details are know by the gov, SS, insurance, bank, mortgage, medical etc….

Do we really have any more so called “privacy” to protect?

zeus

9:17 am on Sep 7, 2008 (gmt 0)

Henry0 - its really gone mad you are right here and now we have a company that rules the net, my fear is always when so much is collected and some DB is than hacked then they can use all your date for all kind bad things, we know everything can be hacked.

henry0

6:40 pm on Sep 12, 2008 (gmt 0)

And more on the privacy issue [webmasterworld.com]

This 33 message thread spans 2 pages: 33