Google Chrome was released yesterday with some useful features and i was excited with its features, but with in few hours a security researcher Aviv Raff discovered that Google Chrome is vulnerable to carpet-bombing flaw. This vulnerability could expose Windows users to malicious hacker attacks. (via ZDNet)
The flaw is a combination of two vulnerabilities, a flaw in Webkit rendering engine and a Java bug. Using this flaw a malicious hacker can lure chrome user to download an executable, that gets executed with out warning.
Aviv Raff has setup a demo of the exploit here (this page downloads a Java file to your desktop, but it won’t harm your system, it is just a notepad file), this page shows how malicious hacker can plant malware on Windows desktops.
Google Chrome is using an older version of Webkit (525.13 (Safari 3.1),), Apple fixed this flaw in Safari 3.1.2. Google has talked high on security but used a vulnerable rendering engine, hopefully they will fix it soon.