Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer
- To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer
- From: Amit Klein <amit.klein@xxxxxxxxxxxx>
- Date: Tue, 16 Nov 2010 06:05:46 -0600
Hi list,
This is a quick update regarding Google Chrome's Math.random implementation and
its vulnerability. Our original results with Google Chrome 3.0 and above don't
hold as-is for Google 6.0 and above due to a change introduced in the Google
Chrome Math.random implementation. However, the attack algorithm can be
modified to take this change into account, so the vulnerability is still in
effect. As reported earlier, it is possible to read application states across
domains, thus enabling, e.g., in-session phishing. This was reported to
Google's security team earlier this year, which responded by stating that there
is no ETA for a fix and we're free to publish our results.
For additional details, please read the full paper at:
http://www.trusteer.com/sites/default/files/Google_Chrome_6.0_and_7.0_Math.random_vulnerability.pdf
Thanks,
-Amit
Amit Klein, CTO, Trusteer