[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Chrome and Safari users open to stealth HTML5 Application Cache attack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Chrome and Safari users open to stealth HTML5 Application Cache attack
From: Lavakumar Kuppan <lava@xxxxxxxxxxx>
Date: Mon, 28 Jun 2010 03:58:16 +0530

Google Chrome and Safari support HTML5 Application Cache.
But unlike Firefox and Opera they do not ask for user permission before
allowing a site to create an Application Cache.

On unsecured networks, attackers could stealthily
create malicious Application Caches in the browser of victims for even HTTPS
sites.
It has always been possible to poison the browser cache and compromise the
victim's account for HTTP based sites.
With HTML5 Application Cache, it is possible to poison the cache of even
HTTPS sites.

Details -
http://blog.andlabs.org/2010/06/chrome-and-safari-users-open-to-stealth.html

I have also released a POC using which both Facebook and Gmail can be
compromised.

POC - http://www.andlabs.org/tools/imposter/imposter_poc.zip

Video - http://www.youtube.com/watch?v=00sKMMyXJsI


Cheers,
Lava
http://www.andlabs.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Chrome and Safari users open to stealth HTML5 Application Cache attack
  - From: Chris Evans

Prev by Date: Re: [Full-disclosure] Redirectors: the phantom menace
Next by Date: [Full-disclosure] Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities
Next by thread: Re: [Full-disclosure] Chrome and Safari users open to stealth HTML5 Application Cache attack
Index(es):
- Date
- Thread