Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

April 27th, 2009

Internet Explorer + Google Chrome = security problem

Posted by Ryan Naraine @ 11:01 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Firefox, Hackers, Malware, Microsoft, Mozilla, Passwords, Patch Watch, Punditocracy, Research, Responsible disclosure, Vulnerability research

Tags: Google Inc., Microsoft Internet Explorer, Google Chrome, Web Browsers, Security, Internet, Ryan Naraine

Security problems surrounding protocol handling and Web browsers have surfaced again — this time with Google Chrome and Microsoft’s Internet Explorer.

According to an advisory from the Google Chrome team, there’s an error in handling URLs with the a chromehtml: protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

[ SEE: Command injection flaw found in IE: Or is it Firefox? ]

The skinny:

If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice.

The “high severity” vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

It can be exploited by malicious hackers to launch universal cross-site scripting (UXSS) attacks without user interaction under certain conditions.

[ SEE: Mozilla caught napping on URL protocol handling flaw ]

IBM’s Roi Saltzman, the researcher credited with finding and reporting the issue to Google, has released an advisory (word .doc) to explain the attack vectors and impact.

He warns that the flaw opens the door to two major attack vectors:

Bypass the Same Origin Policy restrictions for any site (this has the same impact as Universal XSS)
Enumerate victim’s local files and directories

“It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” Saltzman said. Proof-of-concept code for this issue is publicly available.

Microsoft maintains the problems are not related to vulnerabilities in its code.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Talkback
Most Recent of 17 Talkback(s)

Thread View
Flat View

What about IE6?: But are people switching to Chrome from IE8 or an earlier model. If they don't think that IE in any form is secure they would have switched and not upgraded to IE's latest and greatest. So would that ... (Read the rest); Posted by: reziol Posted on: 05/01/09 You are currently: a Guest | Log in | Terms of Use

They have to share the blame honeymonster | 04/27/09

I agree responsibility falls on both LiquidLearner | 04/27/09

I understand... honeymonster | 04/27/09

more reasons do dump IE Linux Geek | 04/27/09

I believe IE8 prompts you PB_z | 04/27/09

You're right honeymonster | 04/27/09

I get two prompts after typing chromehtml:. Grayson Peddie | 04/27/09

What about IE6? reziol | 05/01/09

Odd that Ryan doesn't see fit to mention mhenriday | 04/28/09

Re: Microsoft failing to remove this IE bug Isocrates | 04/30/09

RE: Internet Explorer Google Chrome = security problem phatkat | 04/28/09

Let me SWAG on this (kinda long).... Rick S._z | 04/28/09

Could you explain? [Updated] Isocrates | 04/30/09

RE: Internet Explorer Google Chrome = security problem Steve KTG | 04/28/09

RE: Internet Explorer Google Chrome = security problem picpocbalanel@... | 04/29/09

This ball is all firefox Spiritusindomit@... | 04/29/09

Could you explain? [Updated] Isocrates | 04/30/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

How Windows Server 2008 R2 Helps Optimize IT and Save You Money Microsoft Achieve both cost savings and increased IT agility with a new approach to IT and data-center management that emphasizes automation and optimization. Download Now
Twelve Ways to Reduce Costs with Microsoft(r) SQL Server(r) 2008 Microsoft Looking to squeeze the best possible value from new and existing systems? Learn 12 proven ways to save time and money using Microsoft SQL Server 2008. Download Now
Enabling Device-Independent Mobility with Dynamic Virtual Clients Intel Intel IT is investigating a model where users can access their ... Download Now

Blogs From Our Sponsors

Top Rated

And the most popular password is...+34 votes
Microsoft readies emergency IE patch to counter public exploits+33 votes
Report: 48% of 22 million scanned computers infected with malware+32 votes
Microsoft says Google was hacked with IE zero-day+31 votes
Microsoft confirms 17-year-old Windows vulnerability+31 votes
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
Bogus IQ test with destructive payload in the wild+22 votes
Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Live Webcast: The Power of Centralization in Distributed Development CollabNet Distributed teams are common in software development today. However ... Download Now
Unified Communications and Your Business: What You Need to Know Qwest Communications Get an overview of the potential benefits of Unified Communications (UC), including key considerations for mapping out your UC strategy. Download Now
Volume Activation Operations Guide Microsoft Microsoft? Volume Activation helps Volume Licensing customers automate and ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Zero Day

Ryan Naraine and Dancho Danchev

April 27th, 2009

Internet Explorer + Google Chrome = security problem

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

April 27th, 2009

Internet Explorer + Google Chrome = security problem

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads