Full Disclosure
mailing list archives
Re: Google Chrome pkcs11.txt File Planting
From: Chris Evans <scarybeasts () gmail com>
Date: Fri, 21 Oct 2011 13:57:48 -0700
On Fri, Oct 21, 2011 at 2:06 AM, ACROS Security Lists <lists () acros si> wrote:
> A month ago our company notified Google about a peculiar behavior of Chrome browser
> that can be exploited for execution of remote code outside Chrome sandbox under
> specific conditions. Our new blog post describes it all.
> http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
Interesting. Clear write-up.
I'm not a Windows guy but the article led me to research this:
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=windows+file+dialog+changes+cwd
Isn't that the most significant contributor? An application carefully
puts its CWD somewhere sane and then the underlying operating system
flips it around later? Might that also cause non-determinism for
multi-threaded apps? Does the problem affect Mac, Linux users?
Cheers
Chris
> or
> http://bit.ly/olK1P9
> Enjoy the reading!
> Mitja Kolsek
> CEO&CTO
> ACROS, d.o.o.
> Makedonska ulica 113
> SI - 2000 Maribor, Slovenia
> tel: +386 2 3000 280
> fax: +386 2 3000 282
> web: http://www.acrossecurity.com
> blg: http://blog.acrossecurity.com
> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/