Archive for February 2011

[CVE-2011-1107] Google Chrome Location Bar URL/SSL Spoofing And Login/Password stealing


Title: Google Chrome URL Bar Spoofing (can be used to steal logins and passwords saved in Google Chrome)


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1107


Author: Security researcher Jordi Chancel


UPDATE Link: http://googlechromereleases.blogspot.fr/2011/02/stable-channel-update_28.html


Description:

Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.


  • Some demonstration videos:

Location Bar Spoofing Vulnerability with Login and Password Stealing.


Location Bar Spoofing Vulnerability And Possible JavaScript code Execution on the targeted website using the drag and drop event of a JavaScript Link into the Location Bar.


  • Demonstration image of another result obtained with the same vulnerability:


-Security Researcher Jordi Chancel