Security problems with Google Chrome?

Some of the sparkle may be beginning to fade after the high profile release of Google’s spanking new web browser, Google Chrome, as the internet community discovers potential security flaws in its code.

Dancho Danchev has blogged on ZDNet that researcher Rishi Narang has found a DoS vulnerability that can cause the browser to crash if the user follows a malicious link.

In addition, Ryan Naraine reports that Chrome is running an out-of-date version of WebKit and may be vulnerable to the highly publicised “carpet bombing” flaw that struck Apple Safari earlier this year.

No-one should really be surprised by this news. Any release of software by Google is likely to get a huge amount of attention from security researchers, all keen to discover if a problem can be found amid all the champagne cork-popping.

Furthermore, and I don’t know how to say this any louder, IT’S A BETA! This isn’t even version 1.0. And we all know that only the truly courageous put their full trust in version 1.0 of a product.

So, what does this mean to you in your company? Well, my guess is that 24 hours after the launch you haven’t decided to roll out the beta of Google Chrome across your organization as your browser of choice. 🙂 But can you be sure that your end users are being just as cautious?

With all the hoopla about Google’s new product, many, many people will be trying it out, either through curiosity or because they are genuinely looking for an alternative to market leaders Internet Explorer or Firefox. You can, I’m sure, imagine how that could cause a headache for an IT department trying to do a good job of supporting users throughout your enterprise.

As I described last month on the blog, the application control functionality built into Sophos’s solution means that we can help you control which web browsers your userbase runs on their computers.

We can already help you control Firefox (versions 1-3), Internet Explorer (versions 5-7), Safari, Opera, Netscape and Flock, as well as lesser known internet browsers. And guess what – at the end of the month we’ll be adding Google Chrome to that list too. 🙂

By the way, we’re not using a sledgehammer to crack a nut. The way we implement Application Control in Sophos products means you can select different categories of user when rolling out your policy. So it would be possible to block browsers in most of the company but allow, say, your web development team to try umpteen different browsers to test the compatibility of the website they are working on.