http://www.bing-vs-google.com/
have fun and analyse it ……..
Jul
5
Nov
2
If you are used to Chrome then you should be aware of Incognito mode , if not then this Incognito mode will let you browse in a safer ways , Maybe you travel a lot with your laptop and don’t want a bunch of private information on a machine that might be stolen , but this mode is right now optional in Google Chrome if u need Incognito mode then u need to select that mode, If you need Google Chrome to open always in Incognito mode then. Michael T. Bee sent us a convenient script that starts up Chrome in incognito mode automatically. Here it is in all it’s glory:
//Chrome_Incognito.js – start new chrome incognito(sort of)
var liWait=175; //wait ms (double on older pc)var oSh=new ActiveXObject(”WScript.Shell”);
oSh.Run(”chrome.exe”); //start chrome
WScript.Sleep(liWait);
oSh.Sendkeys(”^+N”); //start new incognito window
WScript.Sleep(liWait);
oSh.Sendkeys(”%{Tab}”); //go previous(first) browser window
WScript.Sleep(liWait);
oSh.Sendkeys(”%{F4}”); //close first browser window
Just drop this in notepad and save it as chrome_incognito.js on your desktop. When you double click it, it will launch Chrome, make an incognito window, and then close the first window. It does all this by sending artificial keypress events to the application through the Shell ActiveX object, a technique which might come in handy for scripting other standard Windows applications
Oct
27
New address spoofing flaw smudges Google’s Chrome:- Google’s Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.
Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth. “I don’t see Apple Safari vulnerable in the same way,” he writes in an email to The Register. “They share the same engine(webkit).”
As his Proof of Concept
demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser’s address bar to display the domain name bbb.org
A Google representative says Chrome’s spoofing vulnerability is a “known issue” that will be fixed in an update that will be pushed to end users soon. Those too impatient to wait can download version 0.3.154.3 of Chrome on Google’s Dev Channel
Sep
4
The new browser from Google tries to get the best from other browsers, but instead (well, at least in the current beta version), it seems to be doing quite the opposite.
The current beta uses an old version of WebKit – 525.13 – which is actually the same WebKit engine used by the old Safari v3.1. The current Safari version is v3.1.2, which fixed several critical issues, including the “blended threat” Carpet Bombing vuln, Google even mention that they use Safari v3.1 rendering engine in their own documentation (Thanks Yonatan Grabber for the information!).
On the other hand, Chrome borrowed (and modified) local resource files from the Mozilla project. And also, for some reason, in some cases there is an ActiveX plug-in loaded by Chrome, which might be an evidence of a capability of this browser to execute ActiveX controls. you can have a look at your own system where CHROME as been installed the path would be.
“c:\users\(yourusername)\AppData\Local\google\Chrome\Application\0.2.149.27\chrome.dll”
I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.
Back to the WebKit issue. I’ve created a proof-of-concept which demonstrates the automatic download vulnerability that was already fixed by Apple. This PoC will automatically download a JAR file and place it in the the downloads folder (there are reports that in some cases it will download it to the Desktop, as in Safari. In those cases, the Safari-Pwns-IE exploit can be easily converted to Chrome-Pwns-IE exploit).
Unfortunately, whenever Google Chrome downloads a file, it creates a download bar at the bottom of the page, which seems, for the untrained eye, as part of the page. The downloaded filename is displayed as a button, and the one click on this button will execute the file. If the file is an executable (e.g. .EXE, .BAT, etc.), Windows Explorer will show a warning that this file was downloaded from the Internet. In this case, Google Chrome does a good job by setting the Zone.Identifier in the alternative data stream.
However, as was mentioned by pdp at his great Black Hat Talk this August, when Windows Explorer will try to execute a JAR file, it will automatically run the associated application, which in most cases is the JRE (Java Runtime Environment). JRE will not check the Zone.Identifier in the alternative data stream, and will execute the JAR file with no warning. JAR file, of-course, should be treated as any other executable file. This is again a sort of a “blended threat”. Two small issues in different products, when blended together create a much larger problem.
Sep
3
Google Chrome isn’t officially out yet, but security researchers have already picked the browser apart to discover a security vulnerability.
The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a vulnerability in Apple Safari WebKit and a Java security bug, security blogger Ryan Naraine.
As a result Windows users of the beta software might be tricked into downloading malicious files onto their desktop. Raff has published a harmless proof-of-concept exploit in order to illustrate his concerns.
Apple patched the vulnerability with Safari v3.1.2, but the underlying software behind Chrome is based on older code, hence the vulnerability.
Security watchers warn further vulnerabilities are bound to arise. Against this many are praising the speed and built-in security features of the browser. Chrome features built-in sandboxing for each tab, anti-phishing technology and a privacy (ie smut-surfing) mode. ®
Note :- if u want to see the exploit really working then use Chrome