Google’s Chrome
A few days ago I published an article on some disturbing issues with Google’s new browser Chrome. Many people feel the issues that I (and many others) have raised are not a big concern due to Chrome only being a BETA. But the issues that have been uncovered this far are only the tip of the iceberg. After a few days of testing I have discovered some very disturbing items about Chrome.
Author: Sean Kalinich
Published: September 11th 2008
Type: Editorial (Comment)
Spelling and Grammatical editor: Planetx64 Staff
Gaping Security Flaws:
Although many seem to be heralding Google’s Chrome as secure and akin to the second coming a quick survey and look around the Internet finds that most of the security community feels otherwise. It would seem that Chrome is as full of holes as Apple’s Safari 3 and is prone to just about the same exploits.
Now, before you shout about its BETA status, let me remind you that these issues are like to not go away; they are fundamental flaws in the way Chrome works at its core. The metal beneath the Flashy Chrome appears to be brittle and poor quality.
Push updates:
Another hot item is the fact that Chrome pushes updates invisibly to the user. I was shocked while testing other items in Chrome to see the Google Update service pop up spawning five separate threads (at least it is efficient) and start to install items onto my test system. I was not warned this would happen. I was not given the option to stop this. It just chattered away installing whatever Google was sending. Given this invisible operation and the likelihood that Chrome is vulnerable to most of the Safari 3 exploits this opens up a whole new world of potential risks and threats to your systems security and gives the hackers, script kiddies and many others a handy way to take over your system.
HDD Indexing:
This is a tough one and the jury is still out, but if you want to check this issue out for yourself simply open up Chrome and browse to any page. Once there let it sit idle for a few minutes. You will see your HDD go crazy. Chrome will spawn one to two additional threads and start intensive read and write operations on your system. As you can see from the images below it was a significant jump.
I am working with others to track down exactly what Chrome is doing here but whatever it is it cannot be good.
|
|
|
|
|
|
|
|
Does anyone have a good explanation for Chrome writing to the system volume information file?
Owned by hackers
Ah here is one of the most disturbing things about Chrome, and I will make this short and plain.
While looking for information on the security issues listed above; I found a comment that simply said the hacking community already “owned” Chrome. To me this means the holes that are there are well known ones and easy to take advantage of. Scary thought if your new browser has built in holes for a malicious individual to use…
All this adds up to a serious issue and one that Google must address. For most users they will see Chrome as a new Google tools like Desktop and Toolbar, they will not look into or read online to make sure their privacy or security is being taken into account. Instead once this is released in full and pushed by Google on the unsuspecting masses we could very well see a new level of threat to personal and business systems. In fact these disturbing issues and questions have already lead to a drop in Chrome’s interest and use.