[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Google Chrome - Javascript Execution Via Default Search Engines

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Google Chrome - Javascript Execution Via Default Search Engines
From: metalkey net <6d3374346c6b33@xxxxxxxxx>
Date: Sun, 10 Jan 2016 23:00:37 +1100

Google Chrome allows execution of Javascript via the Default Search Engines
feature.
An exploit can be created to take advantage of this issue by manipulating
the master_preferences file on a victim's machine.

Video Example:
https://www.youtube.com/watch?v=WoF-LkA6fMk

Walkthrough:
https://m3t4lk3y.wordpress.com/category/google-chrome-search-poison/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
Next by Date: [FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
Previous by thread: [FD] SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
Next by thread: [FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
Index(es):
- Date
- Thread