Tag: Vulnerability

Google Chrome Download Vulnerability

By Vygantas Lipskas | September 4, 2008 | 3 Comments

Google Chrome Download VulnerabilityUS-CERT is aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.

US-CERT encourages users to enable the “Ask where to save each file before downloading” option within the “Minor Tweaks” tab in the browser preferences. Continue Reading

Firefox 2.0.0.12 to Fix Chrome Protocol Directory Traversal Vulnerability

By Vygantas Lipskas | January 30, 2008 | 1 Comment

Firefox 2.0.0.12The upcoming Firefox 2.0.0.12 release will fix this flaw. It affects extensions (more than 600) which are installed as a set of uncompressed files instead of widely used .jar files.

Issue
A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.

Impact Continue Reading