The Google
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Google SketchUp 'lib3ds' 3DS Importer Memory Corruption
1. *Advisory Information*
Chrome all versions < 3.0.195.32
Tests performed on v3.0.195.25
III. BACKGROUND
-------------------------
Google Chrome is a web browser released by Google which uses the WebKit
layout engine and application framework. It is one of the four most popular
browsers in the market today. Google released the entire source code of
Chrome, including its bespoke V8 JavaScript engine as an open source project
entitled Chromium, in 2008. Google Chrome is best known for its speed,
simplicity and reliability.
Back in 2006, there was interesting research done by James Holderness[1] and
James M. Snell[2] which uncovered a variety of XSS issues in various online
feed aggregator services (e.g. Feed Demon). The vulnerability arises from
the fact that it is not expected of RSS readers to render scripted content.
I want to extend that research by doing threat analysis on inbuilt feed
readers offered in most modern browsers. I have found Google Chrome (v2, v3)
and Opera (v9, v10) to be vulnerable, while Internet Explorer (v7, v8), Firefox
3.5 and Safari 4 are resilient to the exploits mentioned below.
IV. DESCRIPTION
-------------------------
I. Background:
Google Notebook is a service where it's possible to "add text, images, and links from web pages without leaving your browser window."
Google Bookmarks is a service where it's possible to save bookmarks.
II. Description:
Three cross-site scripting vulnerabilities were identified in Google Notebook. A remote attacker can create a malformed notebook and invite other users, through the sharing option inside Google Notebook, to view it in order to obtain their cookies. User interaction is required to exploit all three vulnerabilities.
Browser affected: Firefox 3.
Browser not affected: Internet Explorer 7, Opera 9.5, Safari 3.
I was getting backscatter SPAM from google and enabled SPF rules in my DNS
domain along with installing Vbounce in SpamAssassin and it has basically
all stopped.
SPF specifically addresses the Google bounce issue, since Google
implements SPF. When a spammer sends a message to google with a forged
From: header for my account, Google will look up my domain's SPF record and
see that the spammer's mail sender is not a valid sender for my domain and
will not send a bounce.
Anyway, the bug was resolved (without due credit) in about a month or two.
http://careers.yxxxx.com/pdfdownload.php?file=/../pdfdownload.php
This serves as a contrast to the prompt response that Google Security Team displayed.
Cheers
Nam
On 9 May 2009 02:03:15 -0000
I'm also using Google Chrome.
Another concern for me - its setup downloads:
http://cache.pack.google.com/chrome/install/149.30/chrome_installer.exe
which is not signed by Authenticode.
Can anyone post hashes of this file downloaded over a trusted network?
Or, is this info available at some trusted sources?
Thanks in advance,
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
I. Background:
Google Docs is an online application which makes it possible to "Create and share your work online". You can use it to
create Documents, Presentations, Spreadsheets and Forms.
II. Description:
Multiple cross-site scripting vulnerabilities were identified in Google Docs. A remote attacker could write a malformed
document and invite other users, through the Google Docs sharing option, to view it in order to obtain their cookies. It's also possible
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, because I suspected that it was only happening because Google Chrome was installed, since Firefox isn't able to know what "chromehtml:" is on its own (it has to be associated with an application in this case).
The following would open a lot of windows, most likely consuming all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
Firefox version: Firefox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Universal XSS Vulnerability in all Google Services can compromise your personal information
May 8th, 2009
Vulnerability Reported: 04/18/2009 9.33 pm
Google’s Response: 04/18/2009 10.19 pm (Wow! that was super fast for Saturday :))
Vulnerability Fixed: 05/05/2009 7.05 pm
Change Propagated: 05/07/2009 3.19 pm
I recently reported a cross-site scripting flaw to Google, which is now fixed. The vulnerability existed in Google's Support Python script, where a malicious URL was not sanitized for the XSS character ' (single quote) before being put inside the JavaScript variable logURL. As a result, it was possible to break the encapsulation of the var declaration and execute arbitrary JavaScript commands on the main Google.com domain.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Chrome Password Manager Cross Origin Weakness
Release Date: 2010-02-15
Application: Google Chrome Web Browser
Versions: 4.0.249.78, 3.0.195.38, and likely earlier
Severity: Medium/Low
Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
Vendor Status: Update Released [2]
CVE Candidate: CVE-2010-0556
Google Chrome Window Object Suppressing Remote Denial of Service.
*Version Affected:*
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27
*Severity:*
High
*Google Chrome Carriage Return Null Object Memory Exhaustion Remote DoS.*
*Version Affected:*
Chrome/0.2.149.30
Chrome/0.2.149.29
*Severity:*
High
We can tell Google what to crawl and what not to. If people don't tell
Google not to crawl then it will be crawled. We can't blame Google for
that.
On 12/30/07, Memisyazici, Aras <arasm@vt.edu> wrote:
> >>The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
>
> Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?
>
>
Dear all,
with research colleague Thomas Duebendorfer from Google in Zurich I've
finally had a chance to look deeper into the performance of Web
browser update mechanisms. The analysis of anonymized Google Web
server logs allowed us to compare and rank the update strategies
deployed by
Google Chrome, Mozilla Firefox, Apple Safari, and Opera. We found
considerable differences in the performance of the update techniques
deployed by each browser by measuring the share of the latest minor
Advisory: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Version Affected:
Google Chrome: 1.0.154.36
Description:
Google Chrome's FTP client is vulnerable to malicious port scanning via FTP PASV. The username in the
FTP URL (ftp://username:password@domain.com) can be manipulated by tampering
with it using a certain IP address with
Hi
The Google Docs network was vulnerable to PDF repurposing attacks. The
vulnerability was disclosed to Google with discretion.
This was done to mitigate the risk. Google worked on it and
patched it within a period of 5 days. Google Docs has
been refined now and the integrated support for the Adobe plugin is removed.
User security was the prime issue because millions
of users were at risk if this attack persisted in the open environment.
tell the difference in the UI you are using, so it's understandable to
have missed these extra limits.
Thanks for taking the trouble to contact us, though.
Chris Evans, Google Security Team
On Fri, Jul 17, 2009 at 2:48 PM, ISecAuditors Security
Advisories<advisories@isecauditors.com> wrote:
> =============================================
----- Original Message -----
From: <advisories@intern0t.net>
To: <bugtraq@securityfocus.com>; <mustlive@websecurity.com.ua>
Sent: Wednesday, August 26, 2009 11:41 AM
Subject: Re: DoS vulnerability in Google Chrome
Hello MustLive,
Hello Bugtraq!
I want to warn you about File Download and Denial of Service vulnerabilities
in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I
already wrote about DoS vulnerabilities in different browsers via different
protocol handlers. And now I'll tell you about research concerning attacks
via the http and ftp protocols, which I did already in 2008 and published on
30.06.2010.
-----------------------------
Vulnerability Report:
As part of our recent work on the trust hierarchy that exists among email providers throughout the Internet, we have uncovered a serious security flaw in Google's free email service, Gmail. This vulnerability exposes Google's email servers in a way that allows an attacker to use them as open spam and phishing relays. This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers. Since the messages are delivered by Google's own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send any number of forged email messages without restriction through Google's server infrastructure. We have also verified that this flaw allows attackers to bypass spam filters by using our method to send messages that are usually flagged as spam. While sending these messages directly from our network in the traditional way had the messages classified as spam, by sending the very same messages using our exploit, the messages were delivered directly to the victim's inbox, thus bypassing filters.
Impact:
All email providers that offer Google's SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.
On Wed, 7 May 2008 pablo.ximenes@upr.edu wrote:
>
> Vulnerability Report:
>
> As part of our recent work on the trust hierarchy that exists among email providers throughout the Internet, we have uncovered a serious security flaw in Google's free email service, Gmail. This vulnerability exposes Google's email servers in a way that allows an attacker to use them as open spam and phishing relays. This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers. Since the messages are delivered by Google's own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send any number of forged email messages without restriction through Google's server infrastructure. We have also verified that this flaw allows attackers to bypass spam filters by using our method to send messages that are usually flagged as spam. While sending these messages directly from our network in the traditional way had the messages classified as spam, by sending the very same messages using our exploit, the messages were delivered directly to the victim's inbox, thus bypassing filters.
>
> Impact:
>
> All email providers that offer Google's SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Multiple vulnerabilities in Google's Android SDK
*Advisory Information*
Title: Multiple vulnerabilities in Google's Android SDK
> browser developers about many vulnerabilities (DoS and others) and gave
> them a lot of time for fixing in many of those cases. But they almost always
> ignored fixing the holes (especially DoS holes, which were only fixed a few
> times by Google and one time by Microsoft, and not in IE, but in Outlook,
> and 99% of cases were completely ignored). Taking that into account, last
> year I decided that from 2010 on I would never inform browser vendors about
> DoS holes in their browsers. And this time it was an exception (just one).
> In any case, due to full disclosure the Internet community will know about
> the vulnerabilities in browsers which I found and will know the real
This informing of vendors was an exception. During 2007-2009 I informed many
browser developers about many vulnerabilities (DoS and others) and gave
them a lot of time for fixing in many of those cases. But they almost always
ignored fixing the holes (especially DoS holes, which were only fixed a few
times by Google and one time by Microsoft, and not in IE, but in Outlook,
and 99% of cases were completely ignored). Taking that into account, last
year I decided that from 2010 on I would never inform browser vendors about
DoS holes in their browsers. And this time it was an exception (just one).
In any case, due to full disclosure the Internet community will know about
the vulnerabilities in browsers which I found and will know the real state
-------------------------
Gmail vulnerable to automated password cracking.
II. BACKGROUND
-------------------------
Gmail is Google's free webmail service. It comes with built-in Google
search technology and over 7,300 megabytes of storage (and growing
every day). You can keep all your important messages, files and
pictures forever, use search to quickly and easily find anything
you're looking for, and make sense of it all with a new way of viewing
messages as part of conversations.
Hi Chris,
cevans@google.com wrote:
> Hi Vicente,
>
> As was explained by my colleague Neel Mehta in his reply, this is not
> a vulnerability.
I must express my disagreement. I consider that if someone can automate
the process of password cracking, a security problem exists. I have
Besides, which exploit works in Firefox 3.5.2 in your case? Maybe it's a hole
in Firefox 3.5.x. Then it'll be better for you to check it on a system
with Firefox, but without Chrome. If it's a Cross-Application DoS
(http://websecurity.com.ua/2600/, which you can read in English at
http://translate.google.com/translate?hl=en&ie=UTF-8&u=http://websecurity.com.ua/2600/&sl=uk&tl=en),
and Firefox 3.5.2 is affected via Chrome (you must test it by running the
exploit in Firefox 3.5.2 on systems with and without Chrome installed), then
there are things which we need to know: which browsers (Firefox 3.5.x and
others) are affected, and which versions of Chrome lead to this issue.
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4283/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
Version Affected:
Chrome/1.0.154.43 and previous too
Description:
The Google Chrome browser is vulnerable to a clickjacking flaw. A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. Attackers can trick users into performing actions which the users never intended to perform, and there is no way of tracing such actions later, as the user was genuinely