It was bound to come along sooner rather than later and readwriteweb.com reports on how Google Chrome’s download feature can be exploited by hackers.

The flaw has got to do with Chrome’s lax downloading policy. When a user downloads a file and clicks the tab below (below) to open it, it is opened straight away without any prompts or warning.

For a demo of what i’m talking about check out this file (don’t worry, nothing in it, just a demo). It was compiled by security expert Aviv Raff.

Apparently it was a known bug in WebKit (the framework behind Chrome). Safari patched up this issue months ago, but Google were using an old WebKit version to work with Chrome and hence the problem.