Topic: New address spoofing flaw smudges Google's Chrome

[Samker]

Google's Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.

Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth.

"I don't see Apple Safari vulnerable in the same way," he writes in an email to The Register. "They share the same engine(webkit)."

As his proof of concept demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser's address bar to display the domain name bbb.org.

A Google representative says Chrome's spoofing vulnerability is a "known issue" that will be fixed in an update that will be pushed to end users soon. Those too impatient to wait can download version 0.3.154.3 of Chrome on Google's Dev Channel.

(The Register)