In Chrome Phishing, Robert Hanson blows the lid off the “Google knows what it’s doing so Chrome is secure” idea. He argues that Chrome has a long way to go before it’s a mature browser, free of easily-exploitable holes.
Remember the old username-looks-like-web-site-in-the-url trick? http://gmail.google.com@evil.net/ is an example.
Try it in Chrome. Now try it in Firefox. Security is hard, even for Google.
Tempus fugit
