Google Chrome
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, because I suspected that it was only happening because Google Chrome was installed, since Firefox isn't able to know what "chromehtml:" is on its own (it has to be associated with an application in this case).
The following would open a lot of windows, most likely consuming all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
Firefox version: Firefox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Chrome Password Manager Cross Origin Weakness
Release Date: 2010-02-15
Application: Google Chrome Web Browser
Versions: 4.0.249.78, 3.0.195.38, and likely earlier
Severity: Medium/Low
Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
Vendor Status: Update Released [2]
CVE Candidate: CVE-2010-0556
following problems:
CVE-2011-0777
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via vectors related to image loading.
CVE-2011-0778
Chrome all versions < 3.0.195.32
Tests performed on v3.0.195.25
III. BACKGROUND
-------------------------
Google Chrome is a web browser released by Google which uses the WebKit
layout engine and application framework. It is one of the four most popular
browsers in the market today. Google released the entire source code of
Chrome, including its bespoke V8 JavaScript engine as an open source project
entitled Chromium, in 2008. Google Chrome is best known for its fast speed,
simplicity and reliability.
Back in 2006, there was interesting research done by James Holderness[1] and
James M. Snell[2] which uncovered a variety of XSS issues in various online
feed aggregator services (e.g. Feed Demon). The vulnerability arises from
the fact that it is not expected of RSS readers to render scripted content.
I want to extend that research by doing threat analysis on inbuilt feed
readers offered in most modern browsers. I have found Google Chrome (v2, v3)
and Opera (v9, v10) to be vulnerable, while Internet Explorer (v7, v8), Firefox
3.5 and Safari 4 are resilient to the exploits mentioned below.
IV. DESCRIPTION
-------------------------
----- Original Message -----
From: <advisories@intern0t.net>
To: <bugtraq@securityfocus.com>; <mustlive@websecurity.com.ua>
Sent: Wednesday, August 26, 2009 11:41 AM
Subject: Re: DoS vulnerability in Google Chrome
Hello MustLive,
and Firefox 3.5.2 is affected via Chrome (you must test it by running
exploit in Firefox 3.5.2 on systems with and without Chrome installed), then
there are things which we need to know. Which browsers (Firefox 3.5.x and
others) are affected, and which versions of Chrome lead to this issue.
Besides, as I was informed recently, Google Chrome 1.0.154.65 is also
vulnerable.
P.S.
Different people have different signatures ;-). It's like: show me your
Advisory: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Version Affected:
Google Chrome: 1.0.154.36
Description:
The Google Chrome FTP client is vulnerable to an FTP PASV malicious port
scanning vulnerability. The username in the
FTP URL (ftp://username:password@domain.com) can be manipulated by tampering
with it with a certain IP address with
CVE-2011-1292
Use-after-free vulnerability in the frame-loader implementation in Google
Chrome allows remote attackers to cause a denial of service or possibly
have unspecified other impact via unknown vectors.
CVE-2011-1293
I'm also using Google Chrome.
Another concern for me is its setup download:
http://cache.pack.google.com/chrome/install/149.30/chrome_installer.exe
which is not signed with Authenticode.
Can anyone post hashes of this file downloaded over a trusted network?
Or, is this info available at some trusted sources?
Thanks in advance,
VUPEN Security Research - Google Chrome Focus Processing Memory Corruption
Vulnerability (VUPEN-SR-2010-249)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Google Chrome is a browser that combines a minimal design with
Google Chrome Window Object Suppressing Remote Denial of Service.
*Version Affected:*
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
*Severity:*
High
Hi
Google Chrome (5.0.375.127 and previous versions) suffers from an HTTP
Auth dialog spoofing vulnerability due to possible
realm manipulation in the HTTP header. Previously, Google Chrome had
a similar bug, which can be seen at the following link:
http://code.google.com/p/chromium/issues/detail?id=36772
This bug was actually patched. The issue mentioned in this bug was
Hello Bugtraq!
I want to warn you about File Download and Denial of Service vulnerabilities
in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I
already wrote about DoS vulnerabilities in different browsers via different
protocol handlers. And now I'll tell you about research concerning attacks
via the http and ftp protocols, which I did already in 2008 and published on
30.06.2010.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4283/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion
Stale Pointer Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
We (SVRT-Bkis) have just discovered a vulnerability in Google Chrome
0.2.149.27. This is a critical buffer overflow vulnerability permitting a
hacker to perform a remote attack and take complete control of the affected
system.
We have submitted this vulnerability to Google. They confirmed it and assigned a
verifier for build 0.2.149.28.
VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer
Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
======================================================================
Secunia Research 26/01/2010
- Google Chrome Pop-Up Block Menu Handling Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Hi list
I would like to announce a new writeup, titled
"Google Chrome 3.0 (Beta) Math.random vulnerability".
The writeup is available in the following URL:
http://www.trusteer.com/files/Google_Chrome_3.0_Beta_Math.random_vulnerability.pdf
Abstract:
The revised Google Chrome Math.random algorithm (included in version
*Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.*
*Version Affected:*
Chrome/0.2.149.30
Chrome/0.2.149.29
*Severity:*
High
----------
http://liudieyu.com/kissofthedragon.32168816196486005/
To be viewed with Google Chrome
Last tested
Wednesday, October 29, 2008 at 9:53:18 AM (time zone: UTC/GMT +8 hours)
Up-to-date Google Chrome (version: 0.2.149.30)
The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2011-2818
Use-after-free vulnerability in Google Chrome allows remote attackers to
cause a denial of service or possibly have unspecified other impact via
vectors related to display box rendering.
CVE-2011-2800
Hi MustLive,
I can confirm that this consumed most resources in Firefox 3.5.2 as well.
I have the newest Google Chrome browser installed, which might explain why.
Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/
Hi Tim
First of all, the dialog spoofing issue still works in Google Chrome and
it has not been patched. A lot of tests have been
conducted considering different spoofing variants. I missed your paper
previously. I must say it's a very good read. A similar issue about
Google URL obfuscation still persists because, as has been
mentioned by the team itself, some stuff is based on the
standards of HTTP protocol handler authentication schemes
(http://www.nice.com@evil.com). The link is as follows:
Hi
Google Chrome, right from the start, has shown some stringency in tab
crashing. But crashing tabs or a full browser crash is becoming smoother
than in the previously reported cases. On playing around with Google Chrome
and Chrome Frame, direct tab crashing has been reloaded. The specific
points are mentioned below:
1. Scripts are checked against the memory allocation part and raise a warning.
2. In recent versions, playing around with JavaScript based conversion of
---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It lies in dealing with the POP EBP instruction when pointed to by the EIP register at 0x01002FF4.
>> -----------------------------
>> URL: http://websecurity.com.ua/4238/
>> -----------------------------
>> Affected products: Mozilla Firefox, Internet Explorer 6, Internet
>> Explorer
>> 8, Google Chrome, Opera.
>> -----------------------------
>> Timeline:
>>
>> 26.05.2010 - found vulnerabilities.
>> 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
>
> Vulnerable version is Opera 9.52 and previous versions (and potentially
> next
> versions too).
>
> Vulnerable version is Google Chrome 2.0.172 and previous versions. At that
> Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable
> is only Chrome 2.x.
>
> I mentioned about this vulnerability at my site
> (http://websecurity.com.ua/3338/).
software site: http://pack.google.com/intl/it/pack_installer.html
tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43
vulnerability:
through the vulnerable googleapps.url.mailto:// deprecated URI handler, registered as follows:
[HKEY_CLASSES_ROOT\GoogleApps.Url.mailto]