Google Chrome isn't officially out yet, but security researchers have already picked the browser apart to discover a security vulnerability.

The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a vulnerability in Apple Safari WebKit and a Java security bug, security blogger Ryan Naraine reports.

Apple patched the vulnerability with Safari v3.1.2, but the underlying software behind Chrome is based on older code, hence the vulnerability.

Security watchers warn further vulnerabilities are bound to arise. Against this many are praising the speed and built-in security features of the browser. Chrome features built-in sandboxing for each tab, anti-phishing technology and a privacy (ie smut-surfing) mode. ®

Related stories

• Google buffs Chrome with security update (7 May 2009)
• New address spoofing flaw smudges Google's Chrome (26 October 2008)
• German developers forge Iron from Chrome (26 September 2008)
• Google publishes Chrome patch details (9 September 2008)
• Applet accelerating Java update M.I.A. (4 September 2008)
• Review Chrome: A new force for web applications? (4 September 2008)
• Analysis History shaped Google's Trojan Horse (4 September 2008)
• Google restores Chrome's shine (4 September 2008)
• Mozilla claims mass Ubiquity mobilisation (3 September 2008)
• Opera boss: Imitation is flattering (3 September 2008)
• Burned by Chrome - Fire put out (3 September 2008)
• Google's comic capers: what they really meant to say (2 September 2008)
• Google cedes Belgium to Germany (2 September 2008)
• Google releases open source browser (2 September 2008)
• Firefox sweeps away carpet bombing bug (17 July 2008)
• Threat remains despite Safari carpet bombing fix (23 June 2008)
• Microsoft urges Windows users to shun 'carpet bombing' Safari (31 May 2008)
• Apple okay with Safari 'carpet bombing' vuln for now (15 May 2008)