Google Chrome vulnerable to carpet-bombing flaw

-

Google Chrome vulnerable to carpet-bombing flaw

Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning."

Comments

Post a Comment

Popular posts from this blog

Flickering 2D transform elements in Chrome: a simple fix

-
This quick post is to point out a fix to an issue I had to deal with a few weeks ago and was caused by a Chrome update. Components with absolute positioning and a 2D CSS transform started flickering when placed inside a scrollable component. A brief search online revealed several people with similar problems, but the suggested fixes were all very different. I tested several of them (including obvious changes to the z order) before finding the one that actually did the trick. What eventually worked for me was adding an empty 3D transform to the same elements with 2D transforms: transform:translate3d(0,0,0); I guess the reason why this works is that it forces elements to be drawn via a different rendering / compositing path than standard 2D elements.
Read more

Parallel Beam Tracing and Visualization of 200 Million Sonar Points

-
Image
For the final project in the UIC Spring 2013 Parallel Processing Class, I worked with a classmate to optimize our current implementation of a sonar beam tracer used for  The NASA ENDURANCE Project . The beam tracer is used to process the raw data collected by the ENDURANCE AUV in Lake Bonney, Antarctica, and correct sound beam paths using information about the water chemistry. The data is clustered and noise filtered to generate a final 3D Point cloud that can be visualized in our CAVE2 system. The ENDURANCE Sonar data in CAVE2. Photo(c) Lance Long. A lot of corrections and adjustments need to be applied to this data before the final results are acceptable. Some of the corrections derive from the sound speed estimation through the water column, AUV navigation corrections, water level changes and noise filtering thresholds. All this parameters influence the final result, and ideally researchers can tweak them and see the result of their actions in real time. Given the siz...
Read more

glVertexAttribPointer and double precision buffers

-
Image
This post will hopefully help people avoid a mistake that cost me several hours of debugging. In one of my projects I have been working with OpenGL 4 double precision vertex buffers. As the buffer data was passed to the shader as a generic attribute, I have been using  glVertexAttribPointer  to specify the attribute location in the data stream. This worked fine with floating point data. When I needed to switch to double precision, I checked the glVertexAttribPointer specification: this function accepts GL_DOUBLE as an input type: therefore, I assumed that change was all I needed to pass double precision data to my shader. I noticed two other version of the attrib pointer function existed ( glVertexAttribIPointer and  glVertexAttribLPointer ) but I thought they were just legacy functions or alternatives to using glVertexAttribPointer with GL_DOUBLE or GL_INT type specifiers. Things did not work as I expected. trying to pass double precision data to the shader cau...
Read more