lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201301071331.r07DVTtL020818@sf01web3.securityfocus.com>
Date: Mon, 7 Jan 2013 13:31:29 GMT
From: mbsdtest01@...il.com
To: bugtraq@...urityfocus.com
Subject: Chrome for Android - Android APIs exposed to JavaScript

CVE Number:         CVE-2012-4907
Title:              Chrome for Android - Android APIs exposed to JavaScript
Affected Software:  Confirmed on Chrome for Android v18.0.1025123
Credit:             Takeshi Terada
Issue Status:       v18.0.1025308 was released which fixes this vulnerability

Overview:
  By abusing Java objects exposed to JavaScript, malicious Web pages can execute
  arbitrary commands on Chrome for Android, if the accessibility setting of the
  device is enabled.

Details:
  Chrome for Android (v18.0.1025123) is prone to remote command execution
  vulnerability. When a Chrome user visits a malicious Web page, the JavaScript
  in the page can execute arbitrary commands (Java methods) in the context of
  Chrome app.

  Only users who have enabled device's accessibility setting are affected.
  Accessibility setting is for those who have visual or physical limitations,
  and is disabled by default. It is enabled by some apps such as TalkBack,
  ClockBack and so on.

  The root cause of the issue is:

  1. Chrome automatically exposes some Java objects (e.g. "accessibility")
     to JavaScript if the device's accessibility setting is enabled.

  2. And JavaScript is allowed to gain access to Java's ClassLoader via
     Java objects exposed to JavaScript.

Proof of Concept:
  At present I do not have plans to disclose PoC for this issue.

Timeline:
  2012/07/08  Reported to Google security team.
  2012/09/12  Vender announced v18.0.1025308
  2013/01/07  Disclosure of this advisory

Recommendation:
  Upgrade to the latest version.

Reference:
  http://googlechromereleases.blogspot.jp/2012/09/chrome-for-android-update.html
  https://code.google.com/p/chromium/issues/detail?id=144813

Note:
  The idea of this attack came from below Web page (Japanese).
  http://www.kanasansoft.com/weblab/2012/04/webview_addjavascriptinterface_of_android_is_dangerous.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ