> Hi all,
>
> I've been playing around with Google's new web browser and Tor. I
> thought it might be good to share my findings with everyone.
> After reading Google's privacy policy[1], I for one would not want to
> use this on a regular basis, if at all.
>
> The first bug I tried was an old one I found with Firefox; the NEWS://
> URI type.
> Any link that has a NEWS:// URI will launch Outlook Express and
> attempt to contact the server in the URL...without using Tor.
>
> The second bug I found resulted in local file/folder disclosure.
> This is very similar to the one I found in Internet Explorer.
>
> The third bug I found was with MIME-TYPEs, specifically Windows Media
> Player supported formats.
> The BANNER tag can also leak your IP address when the playlist is
> loaded *IF* WMP is not set to use a proxy.
> Also, a playlist in WMP can specify protocols that use UDP, hence, no
> proxy support...no Tor.
>
> On the flip-side, it is very cool how each browser tab is it's own
> process, making several types of attacks much more difficult.
> However, with an invasive privacy policy, local proxy bypassing, and
> local files/folders able to be read from your hard drive, I've decided
> not to use this browser.
>
> It just doesn't feel privacy/anonymity friendly to me.
> Anyone else want to chime in on this?
>
>
> - Kyle
>
> [1]
http://www.google.com/chrome/intl/en/privacy.html
> (Basically states you have no privacy when using Chrome)