Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.

Subject: Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
From: ian@chromium.org
Date: Tue Sep 30 2008 - 19:40:45 EEST

Previous message: redb0ne@hush.com: "Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Maybe in reply to: Aditya K Sood: "Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Maybe reply: ian@chromium.org: "Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) This issue, as reported to us by Aditya, is being tracked at http://code.google.com/p/chromium/issues/detail?id=2877. We would like to note that we discovered the outlined behavior several weeks ago internally, and publicly reported it to Webkit: https://bugs.webkit.org/show_bug.cgi?id=20661

While this is a low-priority bug, we do not believe it constitutes a security threat. The vector merely permits windows to be gracefully closed, rather than "killed", and applies only to windows that the malicious page could already script (that is, not an arbitrary third-party window). There is no risk of stealing user data, or any sort of remote code execution

Previous message: redb0ne@hush.com: "Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Maybe in reply to: Aditya K Sood: "Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Maybe reply: ian@chromium.org: "Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b28 : Tue Sep 30 2008 - 22:49:08 EEST