Posts Tagged ‘Chrome’

Vulnerability

Browser extension

Specialist anti-virus protection Zoltan Balazs announced the creation of a special program, which looks like an extension to the browser and perform almost all the functions typical of malware.

In particular, Balazs’s extension supports remote management, modification viewed web-pages, download and execute external code, theft of login information to log in to various services, bypassing two-factor authentication on the web-sites, and more. Among other things, Bazals promises to publish its program code in a public repository GitHub as an experimental corroboration of its findings about the vulnerabilities of modern browsers.

Balazs himself working in the Hungarian branch of the well-known consulting firm Deloitte. His product, he decided to show what risks may pose a browser extension and the antivirus industry attention to this problem. Prior to the open publication Balazs shared his code with the major vendors.

When to use browser extensions for criminal activities are known. So, in May of this year, it was discovered an extension to the browser Chrome, which inserts false advertising page on Wikipedia. However, so far malicious extensions mainly served for fraud with online advertising, or for processing search requests to a fake website.┬áBalazs development shows that such extensions can be used for more serious attacks. (more…)

Google ChromeVulnerability: Multiple vulnerabilities in Google Chrome

Danger: High
Patch: Yes
Impact: Cross Site Scripting
Security Bypass
System compromise
Affected products: Google Chrome 21.x
Affected versions: Google Chrome versions prior to 22.c

Number of vulnerabilities: 19 (more…)