Google Chrome may need more work to be fully secure under Vista
Posted
Friday, September 05, 2008 3:09 PM
by
hwaldron
A visitor to my blog, shared some interesting findings related to Vista. While my personal experience has been limited with Vista, I agree that this issue could potentially bypass Vista's UAC controls. For example, it would bypass warning that a rouge application is manipulating the Chrome environment itself and altering it for malicious purposes.
It is recommend to use this beta release cautiously and for test purposes until it is deemed to be more secure, e.g., some issues have already been documented within a few days of it's release.
Google Chrome plays outside of Vista Security Zones
http://blog.noop.se/archive/2008/09/05/google-chrome-plays-outside-of-vista-security-zones.aspx
http://blog.reis.se/2008/09/05/GoogleChromeCriticalSecurityIssues.aspx
QUOTE: Google Chrome installs under your local user settings. In my case its the folder C:\Users\xxxxxxxx\AppData\Local\Google\Chrome\Application. This means we now have an app running outside of Vistas regular security zones.
You need elevated rights in Vista to modify files that lie under C:\Program Files but not to modify files under C:\Users\<your user>\. This means that any app that might run on your machine can do what ever changes to the Chrome application that it wishes!