[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Google Chrome HTTPS Address Bar Spoofing

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <cert@xxxxxxxx>, <si-cert@xxxxxxxx>
Subject: Google Chrome HTTPS Address Bar Spoofing
From: "ACROS Security Lists" <lists@xxxxxxxx>
Date: Wed, 4 Jan 2012 15:27:11 +0100

Google awarded one of our security researchers a Chromium Security Reward for an
HTTPS address bar spoofing bug in Chrome 14 and 15 (although it may be present 
in
older versions too). The bug was fixed in Chrome 16, most browsers seem to be 
updated
and we're happy to share technical details with the research community.

http://blog.acrossecurity.com/2012/01/google-chrome-https-address-bar.html

or

http://bit.ly/wt9qXs

Enjoy the reading!


Mitja Kolsek, CEO

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia
Tel +386.2.3000.280  Fax +386.2.3000.282
Web http://www.acrossecurity.com
Blg http://blog.acrossecurity.com  Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do

Prev by Date: Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
Next by Date: TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System
Previous by thread: InfoSec Southwest 2012 CFP First-round Speaker Selections
Next by thread: TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System
Index(es):
- Date
- Thread