Skip to main content

Bug may enable remote code execution in Chrome

posted onOctober 25, 2011
by l33tdawg

Google Chrome contains a vulnerability that could allow an attacker to silently execute remote code on a victim's machine outside of the browser's built-in sandbox protections, according to researchers at Slovenia-based Acros Security.

According to Google, however, the issue is not technically a flaw, but rather a “strange behavior” that would require substantial user manipulation to exploit.

The issue, which Acros researchers disclosed to Google more than a month ago, could result in Chrome, under specific circumstances, loading an encryption configuration file from an insecure location, Mitja Kolsek, CEO of Acros Security, told SCMagazineUS.com on Monday. This could allow an attacker to execute remote code on a victim's machine outside of the Chrome sandbox, intended to protect sensitive resources from being accessed by malicious code.

Source

Tags

Chrome Google Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th