Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
From: ian@xxxxxxxxxxxx
Date: Tue, 30 Sep 2008 10:40:45 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This issue, as reported to us by Aditya, is being tracked at 
http://code.google.com/p/chromium/issues/detail?id=2877. We would like to note 
that we discovered the outlined behavior several weeks ago internally, and 
publicly reported it to Webkit: https://bugs.webkit.org/show_bug.cgi?id=20661

While this is a low-priority bug, we do not believe it constitutes a security 
threat. The vector merely permits windows to be gracefully closed, rather than 
"killed", and applies only to windows that the malicious page could already 
script (that is, not an arbitrary third-party window). There is no risk of 
stealing user data, or any sort of remote code execution

Prev by Date: WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability
Next by Date: Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
Previous by thread: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
Next by thread: Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
Index(es):
- Date
- Thread