LUG: Google Chrome browser 0-day exploit!

Jim Cuzella jcuzella at
Fri Sep 5 11:31:44 MDT 2008

For those of you that may be experimenting with the new and exciting
Google Chrome browser: Beware!
As Kevin informed me last night, it uses a vulnerable version of WebKit
(525.13), which contains the "carpet bombing" flaw found earlier in Safari.

For more information see here:

The proof of concept is surprisingly simple:

document.write('<iframe src="" frameborder="0" width="0" height="0">');

While Google is working on a workaround patch, the following steps may
be taken to prevent you from getting pwnt:

1. Click on the wrench in Chrome's upper right corner.

2. Click OPTIONS on the dropdown menu.

3. Check the box labeled "Ask where to save each file before downloading."

The vulnerability will still exist; however, you will now be prompted for
every download.

- Jim C.
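
Added example, not part of the message above and not code from Chrome or WebKit: a defender-side check for the pattern the proof of concept relies on, an iframe written into the page with zero width and height so that whatever it loads is never seen by the user. The function names and the sample markup (with example.test placeholder hosts) are assumptions constructed for illustration.

```javascript
// Added example: flag iframes sized or styled to be invisible. Heuristic
// only: raw-source regex scan, attribute values containing '>' not handled.

// Parse the attribute text of one tag into a lowercase-keyed map.
function parseAttrs(tagText) {
  const attrs = {};
  const re = /([a-zA-Z_:][\w:.-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagText)) !== null) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? '').trim();
  }
  return attrs;
}

// True for "0", "0px", "0%", "0.0" and similar.
function isZero(v) {
  return v !== undefined && /^0+(\.0+)?(px|%)?$/i.test(v);
}

// Return the reasons (possibly none) an iframe would be invisible to the user.
function hiddenReasons(attrs) {
  const reasons = [];
  if (isZero(attrs.width) || isZero(attrs.height)) reasons.push('zero-size attribute');
  const style = (attrs.style || '').toLowerCase().replace(/\s+/g, '');
  if (/(^|;)(width|height):0+(px|%)?(;|$)/.test(style)) reasons.push('zero-size style');
  if (/display:none|visibility:hidden/.test(style)) reasons.push('hidden style');
  return reasons;
}

// Scan page source, including markup embedded in document.write() strings.
function findHiddenIframes(source) {
  const findings = [];
  const re = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = re.exec(source)) !== null) {
    const attrs = parseAttrs(m[1]);
    const reasons = hiddenReasons(attrs);
    if (reasons.length) findings.push({ src: attrs.src || '', reasons });
  }
  return findings;
}

// Constructed sample input; example.test hosts are placeholders.
const SAMPLE = [
  `<script>document.write('<iframe src="http://files.example.test/a.bin" frameborder="0" width="0" height="0">');</script>`,
  `<iframe src="http://video.example.test/player" width="640" height="360"></iframe>`,
  `<IFRAME src=http://files.example.test/b.bin style="display: none"></IFRAME>`,
].join('\n');
console.log(findHiddenIframes(SAMPLE));
```

A hit is a reason to look at the page, not proof of abuse: hidden iframes also appear in legitimate analytics and single sign-on code.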
