Welcome to Google Chrome Plugins

Source of Plugins, Themes, Add-ons and information for the Google Chrome Web Browser!

Top Tip: Click here to Fix Windows Errors & Optimize Windows Performance

Researchers Detect Flaw In Chrome Leading To Execution Of Remote Code

by arupchou on October 25, 2011

According to researchers at Slovenia based Acros Security, Google Chrome contains a vulnerability which allows an attacker to Chromeexecute remote code in Chrome outside the browser’s built-in sandbox protections. Google however has said that the issue is technically not a flaw but it is a strange behavior which will require considerable manipulation of the user to be exploited. Acros researchers have disclosed the issue to Google for more than a month ago and this under Chrome in precise situation could load an encryption configuration file from an insecure location.

Encryption File Called pkcs11.txt

The bug involves an encryption configuration file known as pkcs11.txtw which gets loaded in Chrome by one of the libraries of Network Security Services (NSS) of Mozilla which is integrated into the browser. The flaw might survive in some of the other products which use NSS libraries. In order to exploit the bug, the attacker needs to set up a network share and place the harmful pkcs11.txt file inside it. Then all he needs to do is to trick the user into opening the malicious file. If the user gets duped then Chrome will involuntarily set the present working directory into an insecure location.

However, it is a bit difficult to successfully exploit the bug which made researchers of both Google and Acros believe that the risk of exploitation is low. According to researchers if the attack to work, Google needs to be default search engine within the browsers. Other browsers like Yahoo and Bing do not send any HTTPS request when Chrome is launched.

Following this, Google has notified employees of Mozilla about the issue and an fixed version of network security services code is anticipated to be integrated in Chrome in the coming version. Chrome is one of the most secure browsers of the world and it is important to patch each and every bug coming its way.

{ 2 comments… read them below or add one }

1 swill 10.25.11 at 4:04 am

Really? To me, chrome is fast,but after a long time using, it often freeze just suddenly.I guess it may casued by some javascript. The only way is to reopen the whole browser. And recently it act even badly. I have no choice but to change to other browser, now,I’m using Avant 2012, like the firefox mode.Sometimes, it’s better to make some change.

2 Denise 10.28.11 at 10:26 pm

Great now they will know how to accomplish this.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

Buzzify Networks

Google Chrome and Google™ is a Trademark of Google Inc - Google Chrome. - Sitemap - Privacy Policy - SEO Enhanced
This site chromeplugins.org is not affiliated with or sponsored by Google Inc.
Coming Soon Chrome Themes and Chrome Extensions