
Forum Thread: Google Chrome 7

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Chrome 7.x

This thread has been marked as locked.
TC Tyler Google Chrome 7
Member 5th Nov, 2010 22:49
Ranking: 0
Posts: 13
User Since: 23rd May, 2010
System Score: N/A
Location: N/A
I just re-installed Google Chrome, thinking that the security threat was patched. I like Google Chrome, but there is still a cad 5 threat. How would one know if they were to be compromised? I have to pay bills online; is there a safe browser? On a secure website, could a hacker get my info? Out of all the millions of users, what are the chances that I am singled out for an attack? Would Norton antivirus catch it?

TC

TiMow RE: Google Chrome 7
Dedicated Contributor 6th Nov, 2010 09:04
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 6th Nov, 2010 09:20
TC
Sorry - can't allay your fears, about safe/vulnerable browsers. In the real world there are some who would argue, that there is no such thing as a safe browser, even if one is reported as such.

I, too, was of the opinion that the latest Chrome update would clear the flash insecurity - especially as Adobe have patched the plug-in flash but either Secunia believe it not to have done, or they haven't amended their rules (which I doubt).

Just to clarify, I am only showing Chrome as "Insecure, no solution" under the Secure Browsing tab. If you also have a listing under Insecure, then you will need to delete the old numbered version file at source (use PSI Open folder) - but I think, from your previous posts, you are aware of this.

At present PSI is listing Firefox as Secure for browsing (green box) - I use this as default, with Chrome as a secondary option, and find it comparable, if not preferable (familiarity of use).

Sandboxes offer an added element of security against incoming nasties, but I can't be sure how it safeguards against hackers. I believe it should - but like every security program, it works, until it doesn't - then it's too late. We can only do what we can.

Here's a couple of links relating to Sandboxing - the first is an actual program (but contains a simple explanation of function), and the next two relate to what Chrome is already doing.

http://www.sandboxie.com/

and info. relating to Chrome:

http://google-chrome-browser.com/new-approach-brow...

http://www.chromium.org/developers/design-document...

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Anthony Wells RE: Google Chrome 7
Expert Contributor 6th Nov, 2010 11:58
Score: 2426
Posts: 3,315
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 6th Nov, 2010 12:19
Hello TC and TiMow ,

If you look here you will see the latest Chrome versions Dev Channel , Beta and Stable (scroll down) patching all known securities :-

http://googlechromereleases.blogspot.com/

It states that 7.0.517.44 includes the Flash update : this covers SA42109 vulnerabilities , but is not being shown in SA42031 . See here (scroll down) :-

http://secunia.com/advisories/product/32718/?task=...

So the "secure browsing" accurately reflects what Secunia is reporting ; but SA42031 may be in need of updating ?!

As far as safe banking is concerned :-

You need to be sure the website is genuine ; put a safe/confirmed link to the site in your bookmarks and always go there using it .

The site must use "https" and must confirm its certificates and must show a "padlock" of some sort in your browser . Never load your personal data until this status is showing/confirmed . If you get insecure/unconfirmed data loaded to/by the website , the url is likely to change colour (usually from green to red) you are still https secure but some data has not passed as secure .

Sandboxing is really to stop the bad guys getting to run on your PC ; they can run in the sand and so a keylogger in the box or something similar could be active until you delete the box . Plug-ins in the Chrome sandbox are not fully secure it would seem ; plus you can directly select download out of the Chrome sandbox to your PC : you cannot do that in Sandboxie for example.

For an extra level of security , you could use an anti-keylogger like the free "keyscrambler" or (free limited or pay) PrevX's "safe on line" . Trusteer also do a (free) specific banking programme for your actual Bank .

The links I put in this thread for taffy gives more info :-

http://secunia.com/community/forum/thread/show/423...

The opening paragraphs here , concerning input of your personal data to an http site , are also most illuminating :-

http://codebutler.com/firesheep

Bit rushed today , but something for you to cogitate over the weekend :))

Take care

Anthony





--


It always seems impossible until its done.
Nelson Mandela
ddmarshall RE: Google Chrome 7
Dedicated Contributor 6th Nov, 2010 12:46
Score: 1205
Posts: 956
User Since: 8th Nov 2008
System Score: 98%
Location: UK
A common scenario whereby your banking details are compromised is this.
The attacker tricks you into going to a website he has compromised. This could be by using a phishing email or poisoning Google search results. When you arrive at the website, it will try to exploit several vulnerabilities to download the attacker's software onto your computer. If this succeeds, the attacker can do whatever he wants. Typically, a keylogger would be installed which would collect logon details and credit card details and send them back to the attacker, who would then sell them on.

You can buy a kit to set up your own business as a cybercriminal for around $1000 without any technical knowledge.

If the attacker knows what they are doing, you should be unaware of anything wrong. Antivirus software should stop this, but it depends on it recognising the software. The viruses are constantly mutated to avoid the antivirus. The attackers will test them against common antivirus programs before releasing them. The antivirus companies are always trying to catch up.



--
This answer is provided “as-is.” You bear the risk of using it.
