Google Chrome Break

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Google Chrome Break
From: Liu Die Yu <liudieyu.com@xxxxxxxxx>
Date: Tue, 11 Nov 2008 16:34:29 +0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=/DV5O0g4O6J055EAT16ZnbkbfYkxZbO8ixEmU5wXzAA=; b=m6l5XJIwWKpTgAJY5ry1xOm5LpiyiDGSAEdiJby9ySoq0Sma/cvL7cX4gU1ILpSfw9 slIdRQIZVPvgixpvCCuMPaAdmxSJYoXwaWq8Hx8Wo5yqvtPFpaxtzwOn5y0PXxocU5Lz rZJMXHDyIfj+J/l16mkcI+mAZFMO/yRpLT0XE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=GVpTSjBybX8vRIvFMj81Dgv3uMcGLCSJzgqBr32VgrZIy6aBSScOcyGpddUQ/vDtpU LdfPB8zo1oGz7FdPzfQQr6GptCeqraCJf9rGGUq8EYvMXuS5LeM2QSe01RTLznfF7seJ YF72BlyaN6VlneRBJR9Y8k+rPigTrHp872eiw=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

Address spoofing. Already patched. It's in the news last month.

Just a reminder, XCON'08 is coming in a week - check http://xcon.xfocus.org/

greetz to drewcopley, drorshalev, zwell, liuyuer, lqa21, and, of courseall@topsec


----------

http://liudieyu.com/kissofthedragon.32168816196486005/

To be viewed with Google Chrome

Last tested
Wednesday, October 29, 2008 at 9:53:18 AM (time zone: UTC/GMT +8 hours)
Up-to-date Google Chrome (version: 0.2.149.30)

Contents
Address spoofing.
1. Address is displayed "bbb.org".
2. Contents are not from bbb.org(contents are manipulated).

http://twitter.com/liudieyu

Google Chrome is still "virgin" - Right now only had a bunch of D.o.S,and, a buffer overrun if user saves the attacker's webpage.

Prev by Date: Re: Default key algorithm in Thomson and BT Home Hub routers
Next by Date: Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln.
Previous by thread: Collabtive 0.4.8 Multiple Vulnerabilities
Next by thread: Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln.
Index(es):
- Date
- Thread