Tuesday, November 25, 2008

Google Chrome MetaCharacter URI Obfuscation Vulnerability.

Google Chrome's latest vulnerability on MetaCharacter URI Obfuscation, released by Aditya K Sood reached the media today.

This is EvilFinger's 5th Vulnerability finding on Google Chrome (3 in Sep 2008, 1 in Oct 2008 and 1 in Nov 2008).

Nov 24, 2008 Google Chrome MetaCharacter URI Obfuscation Vulnerability

Oct 20, 2008 Google Chrome OnbeforeUload and OnUnload Null Check Vuln

Sep 27, 2008 Google Chrome Window Object Suppressing Remote DoS

Sep 23, 2008 Google Chrome Carriage Return Null Obj. Memory Exhaustion Remote DoS

Sep 2, 2008 Google Chrome Browser 0.2.149.27 in chrome.dll

The latest finding was released on 24th Nov 2008 after the security update that fixed URL spoofing flaw that was aimed at pop-ups.

Some websites that listed the latest flaw:
http://www.milw0rm.com/exploits/7226

http://www.securiteam.com/windowsntfocus/6L00O1FN5S.html

http://novirusthanks.org/blog/?p=331

For more details contact us.

- EF

No comments: