Google's Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.

Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth.

"I don't see Apple Safari vulnerable in the same way," he writes in an email to The Register. "They share the same engine(webkit)."

As his proof of concept demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser's address bar to display the domain name bbb.org.

A Google representative says Chrome's spoofing vulnerability is a "known issue" that will be fixed in an update that will be pushed to end users soon. Those too impatient to wait can download version 0.3.154.3 of Chrome on Google's Dev Channel.®

Related stories

• Google buffs Chrome with security update (7 May 2009)
• Chrome sweeps carpet-bombing bug under the rug (22 October 2008)
• Google publishes Chrome patch details (9 September 2008)
• Review Chrome: A new force for web applications? (4 September 2008)
• Carpetbomb bug tarnishes Google Chrome (3 September 2008)
• Web browsers face crisis of security confidence (23 June 2008)
• Firefox developers tinker with new security protections (finally) (20 May 2008)