The first flaw in Chrome has already been found

Status
Closed to new replies.

Perro_Manson

Recognized Lanero
14 Jan 2005
641
Taken from http://www.astalavista.com/index.php?section=blog&cmd=details&id=3567

Carpet-bombing Vulnerability In Google Chrome New Browser
posted by usb at 06:50:13 03.09.2008
Hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities, a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference, to trick users into launching executables directly from the browser window.

A harmless proof-of-concept demo of the attack is available. In the demo, Raff is showing how a Google Chrome user can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning. The code shows how a malicious hacker can use clever social engineering and plant malware on Windows desktops in just two of the victim's mouse clicks.

The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser. Apple patched the carpet-bombing issue with Safari 3.1.2.

Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.

On the Google Blogoscoped blog, some additional security related issues are mentioned:

"Chrome has a privacy mode; Google says you can create an “incognito” window “and nothing that occurs in that window is ever logged on your computer.” The latest version of Internet Explorer calls this InPrivate. Google’s use-case for when you might want to use the “incognito” feature is e.g. to keep a surprise gift a secret. As far as Microsoft’s InPrivate mode is concerned, people also speculated it was a “porn mode.”

Web apps can be launched in their own browser window without address bar and toolbar. Mozilla has a project called Prism that aims to do similar (though doing so may train users into accepting non-URL windows as safe or into ignoring the URL, which could increase the effectiveness of phishing attacks)."

To fight malware and phishing attempts, Chrome is constantly downloading lists of harmful sites. Google also promises that whatever runs in a tab is sandboxed so that it won’t affect your machine and can be safely closed. Plugins the user installed may escape this security model, Google admits.

Since Google Chrome is still in beta, it would be a good idea to wait until final release, where serious security issues will most likely be fixed.

Article Source


Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php
 
Old news, man.

It had already been discussed in the relevant forum.

Why don't they use the search before repeating info? :cansado:
 