Chrome vulnerability patched

TheEnforcer · 09-08-2008

Click link for full article

http://www.pcworld.com/businesscente...es_chrome.html

Critical Vulnerability Patched in Google's Chrome
Jeremy Kirk, IDG News Service

Monday, September 08, 2008 4:00 AM PDT
A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem and at least one more.

The vulnerability is one of several problems identified in the browser since it was released early last week. The bug is a buffer overflow that occurs if a user saves a Web page containing an overly long "title" tag, according to Bach Koa Internetwork Security (Bkis), based at the Hanoi Institute of Technology.

Dravyk · 09-08-2008

Gee, if it had been Microsoft, they would have ...

Ignored if for three months.

Put out a statement it's a feature not a vulnerability.

Ignored if another four months.

Admitted they might have missed the bug. IF it were a bug.

Put out a patch a year later with a bug in the patch that deletes the hard drive of every 1% of the people using the patch.

Ignored the bug in the patch and put out a press release that everything is fixed.

Gotten word that not only was the patch buggy, but the vulnerability was only fixed in 4 out of 5 browsers.

Put out a press release saying the people deleted their own hard drives for inexplicable reasons.

Fixed the bug that deleted the hard drive but ignore the bug in the bug fix.

Put out a new 2.0 version of the browser with the same bug.

One month later release a bug fix for the 1.0 browser but not the same bug in the 2.0 one.

One month after that release a bug fix that finally fixes the bug in 2.0

One month later release 2.1 with the bug back in it.

Repeat from the top.

TheEnforcer · 09-08-2008

LOL

sounds about right...

raymor · 09-12-2008

I guess MS has improved, eh? We're still fighting an IE bug that MS first
acknowledged publicly in 1997. (It's mishandling of the Vary header, which
is why a page with many thumbnails often takes five times as long to load
in IE as it does in other browsers).

Dravyk · 09-15-2008

SP3 update in April killed my entire Windows registry system. Had to reinstall Windows, every update (but that one) for the past two years and every single program I have (because they were "installed" but no longer in my registry). And this is a bug they also had in the SP2 that effected some folks in 2003 and never fixed. Totally f**ked me up!!! To this day I still am experiencing various after effects (like it destroyed my PIM with all my phone numbers and emails in it.)

A minor update several months ago made it so my partner Electra could not get on the Net for a day. They never fixed that bug. The program MS effected (ZoneAlarm) had to do it themselves.

Now, before ANY update, even a small MS update, I won't put it in for several days and read the technical news sites to ensure there isn't a bug in it first.

Worse trojan on the net? MS patches. Bastards!

09-08-2008	#1
TheEnforcer Scored VIP to Anton's Piss Tank Want to see your own Advertising Here! Join Date: Oct 2002 Posts: 8,781	Chrome vulnerability patched Click link for full article http://www.pcworld.com/businesscente...es_chrome.html Critical Vulnerability Patched in Google's Chrome Jeremy Kirk, IDG News Service Monday, September 08, 2008 4:00 AM PDT A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem and at least one more. The vulnerability is one of several problems identified in the browser since it was released early last week. The bug is a buffer overflow that occurs if a user saves a Web page containing an overly long "title" tag, according to Bach Koa Internetwork Security (Bkis), based at the Hanoi Institute of Technology.

09-08-2008	#2
Dravyk Easy Like Sunday Morning Want to see your own Advertising Here! Join Date: Oct 2002 Location: Behind a couch, somewhere in Philly Posts: 7,628	Re: Chrome vulnerability patched Gee, if it had been Microsoft, they would have ... Ignored if for three months. Put out a statement it's a feature not a vulnerability. Ignored if another four months. Admitted they might have missed the bug. IF it were a bug. Put out a patch a year later with a bug in the patch that deletes the hard drive of every 1% of the people using the patch. Ignored the bug in the patch and put out a press release that everything is fixed. Gotten word that not only was the patch buggy, but the vulnerability was only fixed in 4 out of 5 browsers. Put out a press release saying the people deleted their own hard drives for inexplicable reasons. Fixed the bug that deleted the hard drive but ignore the bug in the bug fix. Put out a new 2.0 version of the browser with the same bug. One month later release a bug fix for the 1.0 browser but not the same bug in the 2.0 one. One month after that release a bug fix that finally fixes the bug in 2.0 One month later release 2.1 with the bug back in it. Repeat from the top. __________________ All Of 'Em Mainstream Webmasters New: WebmasterConventions.com

09-08-2008	#3
TheEnforcer Scored VIP to Anton's Piss Tank Want to see your own Advertising Here! Join Date: Oct 2002 Posts: 8,781	Re: Chrome vulnerability patched LOL sounds about right...

09-12-2008	#4
raymor Members Join Date: Mar 2004 Posts: 42	Re: Chrome vulnerability patched I guess MS has improved, eh? We're still fighting an IE bug that MS first acknowledged publicly in 1997. (It's mishandling of the Vary header, which is why a page with many thumbnails often takes five times as long to load in IE as it does in other browsers). __________________ Ray Morris support AT bettercgi.com Strongbox - The next generation in site security Throttlebox - The next generation in intelligent bandwidth control Clonebox - Backup (disaster recovery) on steroids Make money with your sig

09-15-2008	#5
Dravyk Easy Like Sunday Morning Want to see your own Advertising Here! Join Date: Oct 2002 Location: Behind a couch, somewhere in Philly Posts: 7,628	Re: Chrome vulnerability patched SP3 update in April killed my entire Windows registry system. Had to reinstall Windows, every update (but that one) for the past two years and every single program I have (because they were "installed" but no longer in my registry). And this is a bug they also had in the SP2 that effected some folks in 2003 and never fixed. Totally f**ked me up!!! To this day I still am experiencing various after effects (like it destroyed my PIM with all my phone numbers and emails in it.) A minor update several months ago made it so my partner Electra could not get on the Net for a day. They never fixed that bug. The program MS effected (ZoneAlarm) had to do it themselves. Now, before ANY update, even a small MS update, I won't put it in for several days and read the technical news sites to ensure there isn't a bug in it first. Worse trojan on the net? MS patches. Bastards! __________________ All Of 'Em Mainstream Webmasters New: WebmasterConventions.com