The Google
We (SVRT-Bkis) have just discovered a vulnerability in Google Chrome
0.2.149.27. This is a Critical Buffer Overflow Vulnerability permitting a
hacker to perform a remote attack and take complete control of the affected
system.
We have submitted this Vulnerability to Google. They confirmed and assigned a
verifier for build 0.2.149.28.
Penned by Todd T. Fries on 20080510 13:04.42, we have:
| Yes this is very frustrating.
|
| The details are not so hard to guess. Unless this post is different,
| anyone can send an email to a nonexistent user at a google service and
| they accept it and bounce back to the envelope recipient. *sigh*.
|
| We are going back to the stone age by copying qmails default stupidity.
|
| This is doing very much harm.
From: Memisyazici, Aras [mailto:arasm@vt.edu]
Sent: Sunday, December 30, 2007 2:13 PM
To: Ofer Shezaf; bugtraq@securityfocus.com
Subject: RE: Latest round of web hacking incidents for 2007 & Project news
>>The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?
Sincerely,
Aras "Russ" Memisyazici
IT Specialist II
Virginia Tech -- OIS
Google Toolbar allows spoofing the information presented in the dialog which
is displayed when adding a new Google Toolbar button. This can allow
an attacker to convince users that his button comes from a trusted
domain. This button can then be used to download malicious files or conduct
phishing attacks (e.g. show a login form of a bank).
Affected versions
* Google Toolbar 5 beta for Internet Explorer
* Google Toolbar 4 for Internet Explorer
* Google Toolbar 4 for Firefox (partially)
Hi
Google Chrome, right from the start, has shown some stringency in tab
crashing. But crashing tabs or a full browser crash is becoming smoother
than in the previously reported cases. On playing around with Google Chrome
and Chrome Frame, direct tab crashing has been reloaded. The specific
points are mentioned below:
1. Scripts are checked against the memory allocation part and raise a warning.
2. In recent versions playing around with JavaScript based conversion of
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (Internet Explorer)
by nine:situations:group::pyrokinesis
site: http://retrogod.altervista.org/
software site: http://pack.google.com/intl/it/pack_installer.html
tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43
16.05.2010 - found vulnerability.
17.05.2010 - disclosed at my site.
18.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
Found on the 16th
Blogged on the 17th
Told vendors on the 18th
Posted here on the 18th
Hi list
I would like to announce a new writeup, titled
"Google Chrome 3.0 (Beta) Math.random vulnerability".
The writeup is available in the following URL:
http://www.trusteer.com/files/Google_Chrome_3.0_Beta_Math.random_vulnerability.pdf
Abstract:
The revised Google Chrome Math.random algorithm (included in version
======================================================================
Secunia Research 26/01/2010
- Google Chrome Pop-Up Block Menu Handling Vulnerability -
======================================================================
Table of Contents
Affected Software
Jun 07, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Advisory: Google Chrome MetaCharacter URI Obfuscation Vulnerability.
Version Affected: All
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
Description:
Google Chrome is vulnerable to a URI Obfuscation vulnerability. An
attacker can easily
Advisory: Google Chrome OnbeforeUnload and OnUnload Null Check Vulnerability.
Version Affected:
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
Description:
Google Chrome is susceptible to stringent behavior while handling
"onbeforeunload"
---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It lies in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.
Hello,
Google Chrome Auto download exploit ..
Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net
Tested Successfully on Google Chrome Build 1798
On Sat, May 10, 2008 at 01:04:42PM -0500, Todd T. Fries wrote:
> Yes this is very frustrating.
>
> The details are not so hard to guess. Unless this post is different,
> anyone can send an email to a nonexistent user at a google service and
> they accept it and bounce back to the envelope recipient. *sigh*.
Google outscatter is one longstanding problem, but this is a
different problem which allows spammers to use Google's MXes as their
outbound mailservice.
On Sat, May 10, 2008 at 8:04 PM, Todd T. Fries <todd@fries.net> wrote:
> Yes this is very frustrating.
>
> The details are not so hard to guess. Unless this post is different,
> anyone can send an email to a nonexistent user at a google service and
> they accept it and bounce back to the envelope recipient. *sigh*.
They don't, for normal gmail service:
$ telnet gmail-smtp-in.l.google.com 25
On Sun, Dec 30, 2007 at 07:13:24AM -0500, Memisyazici, Aras wrote:
> >>The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
>
> Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?
I think this is the original report
http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
which Bruce Schneier highlighted
http://www.schneier.com/blog/archives/2007/11/using_google_to.html
full disclosure and responsible full disclosure) can be good in the appropriate
situation. And I use the type of disclosure which is suitable for every
particular case.
Taking into account that 3 of 4 vendors answered me (except Microsoft), and
Google already had a non-affected Chrome 4, and Mozilla and Opera promised to
fix it (we'll see when and how they do it), you can see that my
approach works. And responsible full disclosure can force browser vendors to
attend more to the security of their software.
Soon I'll write to security mailing lists about new vulnerabilities in
> Here's the simplified JS version of it (lets call it the Universal DoS --
> yes, it'd work for every browser on the planet that can execute JS) -
John, you were left behind by almost two years.
In September and October 2008 I made such projects as Day of bugs in Google
Chrome, Day of bugs in browsers, Day of bugs in browsers 2: reloaded (where
I released many different vulnerabilities in browsers, including DoS). And
in October 2008, for the project Day of bugs in browsers 2, I released exploits
for blocking DoS with an alertbox which affect many browsers ;-) (which you
mentioned in your letter). As you can find it in my post DoS in Firefox,
mimeTeX, mimetex.zip (2009/07/13)
mathTeX, mathtex.zip (2009/07/13)
Credit: vulnerability report received from Chris Evans <cevans [at] google
[dot] com> (mimetex) and Damien Miller <djm [at] google [dot] com>
(mathtex), Google Security Team.
CVE: CVE-2009-1382 (mimetex), CVE-2009-1383 (mathtex)
>> To: Thor (Hammer of God)
>> Cc: bugtraq@securityfocus.com
>> Subject: Re: All China, All The Time
>>
>> On 1/14/10 8:09 AM, Thor (Hammer of God) wrote:
>>> So, apparently my "witty" tag via Google Translate means something I
>> didn't quite mean. Surprise, surprise. Luckily it wasn't something
>> vulgar, (that's what I get for trusting Google Translate and trying to
>> be funny) but what I meant it to say was "If you can read this, don't
>> bother replying because my servers won't get it." However, it seems to
>> mean something like "don't reply because you are not welcome here" or
Hi MustLive,
I can confirm that this consumed most resources in Firefox 3.5.2 as well.
I have the newest Google Chrome browser installed which might explain why.
Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
---------- Forwarded message ----------
From: biko linux <bikolinux@gmail.com>
Date: Tue, Jul 28, 2009 at 1:03 AM
Subject: cross site scripting the browser google "chrome"
To: bugtraq@securityfocus.com
author : bikolinux
Vuln: cross site scripting the browser google "chrome"
all details in my blog =>
http://lostmon.blogspot.com/2009/07/google-chrome-aboutblank-spoof.html
and here
###########################################################
Google Chrome About:blank spoof
vendor url: www.google.com
advisory: http://lostmon.blogspot.com/2009/07/
...
> updates - do inherit that context.
I know it. And I mentioned this in my paragraph "Via data: it's
possible to bypass in Firefox ...". In that paragraph I wrote "But in
Firefox 3.0.11 and Google Chrome you can't get to cookies this way", which
is the same as what you wrote, but in a more laconic way. And in the same
paragraph I wrote "but it's possible in old Mozilla (and in those versions
of Firefox where there is a relation between the data: page and the original page)".
So there are browsers in which data: URIs from redirectors inherit the context
of the site. In any case JavaScript execution is dangerous even without
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also allows you to track
AdSense clicks, add extra search engines, track image search queries and it
will even work together with Urchin.