lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <48FD4F8A.8050802@secniche.org>
Date: Tue, 21 Oct 2008 09:12:02 +0530
From: Aditya K Sood <0kn0ck@...niche.org>
To: bugtraq@...urityfocus.com, submit@...w0rm.com, submit@...unia.com
Subject: Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.

Advisory: Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.

Version Affected:
Chrome/0.2.149.30
Chrome/0.2.149.29
Chrome/0.2.149.27

Description:
Google chrome is susceptible to stringent behavior while handling
"onbeforeunload"
and "onunload" event in body tags. The malicious script render the
browser useless
when a event is created in a any kind of loop. As a result of which
browser can not be
closed and remain in useless form.It is possible to trigger it
automatically with a redirect
clause which can be used by malicious attacker to trick users. In
certain conditions it can
be used for browser based denial of service.

Proof of Concept:
http://www.secniche.org/gwobl/poc.html
http://www.secniche.org/gwobl/index.html

Links:
http://www.secniche.org/advisory.html
http://evilfingers.com/advisory/index.php

Detection:
SecNiche confirmed this vulnerability affects Google Chrome on Microsoft
Windows
XP SP2 platform.The versions tested are:

Chrome/0.2.149.30
Chrome/0.2.149.29

Disclosure Timeline:
Disclosed: 19 October 2008
Release Date. 21 October ,2008

Vendor Response:
Google acknowledges this vulnerability and "fix" will be released soon.

Credit:
Aditya K Sood

Disclaimer:
The information in the advisory is believed to be accurate at the time
of publishing based on
currently available information. Use of the information constitutes
acceptance for use in an AS
IS condition. There is no representation or warranties, either express
or implied by or with respect
to anything in this document, and shall not be liable for a ny implied
warranties of merchantability
or fitness for a particular purpose or for any indirect special or
consequential damages.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ