updated 12:10 pm EDT, Thu September 4, 2008
Chrome EULA, security
Google's newly-launched Chrome browser -- currently Windows-only but expected to launch soon for Mac and Linux -- is already taking some serious criticism, according to various groups. An initial concern was Google's end-user license agreement (EULA), which effectively claimed the right to use anything posted online via the browser, raising issues of both privacy and intellectual property. This language was actually a mistake, Google now claims.
"In order to keep things simple for our users, we try to use the same set of legal terms (our Universal Terms of Service) for many of our products," admits Rebecca Ward, Google's senior product counsel for Chrome. The company has already changed Section 11 of Chrome's Terms of Service, amending it to read that "You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services."
Chrome is also said to have some security vulnerabilities however, including a URL handler issue that can crash a browser after visiting a malicious link. One researcher, Aviv Raff, also notes that Chrome appears to be using an outdated version of Apple's WebKit technology, leaving it exposed to a carpet-bombing attack. In combination with a Java bug, Chrome users could potentially be lured into downloading and running a malware executable with no means of intervening. The latest version of Safari is safeguarded against this threat.
Owners of Windows Vista may be vulnerable to a separate problem, due to files being downloaded to the desktop by default. Without fixing this setting, Vista could be attacked with the help of a security flaw in Internet Explorer.