[Full-disclosure] Bypassing Google Chrome 4 Javascript Filter
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Bypassing Google Chrome 4 Javascript Filter
- From: Manuel Fernández Fernández <mfernandez@xxxxxxxxxxxxxxxxx>
- Date: Wed, 26 May 2010 10:38:00 +0200
Bypassing Google Chrome 4 Javascript Filter
===========================================
Google Chrome 4 included a new JavaScript filter which allows users to disallow
JavaScript on web sites. This filter prevents a web site from executing any
JavaScript code if the web site is accessed directly.

This protection can be easily bypassed, since it is only applied when the web
site is accessed as the main page. This means that if the blocked domain is
loaded in an iframe object, the JavaScript filter doesn't block any
JavaScript code.
POC in Spanish
(http://elladodelmal.blogspot.com/2010/05/google-chrome-4-bypassing-javascript.html).
POC in English
(http://www.informatica64.com/recursos/Bypassing_Google_Chrome_4_Javascript_Filter.pdf).
Manuel Fernández
Security Consultant
Informática64
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
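
The decision flaw described in the advisory, modelled as an added example (not part of the original post and not Chrome's code). It compares a filter that consults the block list only for the main page with an assumed per-frame check; host names, the frame trees and all function names are constructed for illustration.

```javascript
// Toy model of the filter decision; sample data below is constructed.
const BLOCKED_HOSTS = new Set(["blocked.example"]);

const hostOf = (frame) => new URL(frame.url).hostname;

// Behaviour the advisory describes: the block list is consulted only for the
// main page, and every frame inside that page receives the same answer.
function mainPageOnlyPolicy(frame, mainFrame) {
  return !BLOCKED_HOSTS.has(hostOf(mainFrame));
}

// Assumed alternative: each document is judged by the host it was loaded from.
function perFramePolicy(frame, mainFrame) {
  return !BLOCKED_HOSTS.has(hostOf(frame));
}

// Walk the frame tree in document order and return the URLs of the frames
// whose scripts the given policy would allow to run.
function framesAllowedToRunScript(mainFrame, policy) {
  const allowed = [];
  const stack = [mainFrame];
  while (stack.length > 0) {
    const frame = stack.pop();
    if (policy(frame, mainFrame)) allowed.push(frame.url);
    for (const child of [...(frame.children || [])].reverse()) stack.push(child);
  }
  return allowed;
}

// Constructed case 1: the blocked site opened directly as the main page.
const direct = { url: "http://blocked.example/", children: [] };

// Constructed case 2: an unrelated main page that frames the blocked site.
const framed = {
  url: "http://other.example/",
  children: [{ url: "http://blocked.example/", children: [] }],
};

console.log("direct, main-page-only:", framesAllowedToRunScript(direct, mainPageOnlyPolicy));
console.log("framed, main-page-only:", framesAllowedToRunScript(framed, mainPageOnlyPolicy));
console.log("framed, per-frame:     ", framesAllowedToRunScript(framed, perFramePolicy));
```

A regression test for a script-blocking feature should cover the framed case as well as the direct one, since only the framed case separates the two policies.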