Tag: Google Chrome

How to Find Hidden & Saved Passwords in Windows 10

For years users have wanted to save time and effort when accessing servers on the network, websites requiring credentials, etc. So there have been options in the operating system to save usernames and passwords for faster and easier access. I am sure you have seen this, either in a prompt or a checkbox, asking you to save the password. In Windows, you have the ability to store the credentials for resources that you access often, or whose password you just don’t want to have to remember. Although this is a time-saving option, you might want to reconsider using this feature due to security issues.

Key Holder

Windows stores the passwords that you use to log in, access network shares, or shared devices. All of these passwords are stored in an encrypted format, but some of them can easily be decrypted using your Windows login password.

Windows stores the login credential details in a hidden desktop app named Credential Manager. Here is how to find this app, how to see which credentials are stored by Windows and how to manage them:

What is the Credential Manager?

Credential Manager is the “digital locker” where Windows stores log-in credentials like usernames, passwords, and addresses. This information can be saved by Windows for use on your local computer, on other computers in the same network, servers or internet locations such as websites. This data can be used by Windows itself or by programs like File Explorer, Microsoft Office, Skype, virtualization software and so on. Credentials are split into several categories:

  • Windows Credentials – are used only by Windows and its services. For example, Windows can use these credentials to automatically log you into the shared folders of another computer on your network. It can also store the password of the Homegroup you have joined and uses it automatically each time you access what is being shared in that Homegroup. If you type a wrong log-in credential, Windows remembers it and fails to access what you need. If this happens, you can edit or remove the incorrect credential, as shown in later sections of this article.
  • Certificate-Based Credentials – they are used together with smart-cards, mostly in complex business network environments. Most people will never need to use such credentials and this section is empty on their computers. However, if you want to know more about them, read this article from Microsoft: Guidelines for enabling smart card logon with third-party certification authorities.
  • Generic Credentials – are defined and used by some of the apps you install in Windows so that they get the authorization to use certain resources. Examples of such apps include OneDrive, Slack, Xbox Live, etc.
  • Web Credentials – they represent login information for websites that are stored by Windows, Skype, Internet Explorer or other Microsoft apps. They exist only in Windows 10 and Windows 8.1, but not in Windows 7.

How to open the Credential Manager in Windows:

This method works the same in all versions of Windows. First, open the Control Panel and then go to “User Accounts –> Credential Manager.”


You’ll notice there are two categories: Web Credentials and Windows Credentials. The web credentials will have any passwords from sites that you saved while browsing in Internet Explorer or Microsoft Edge. Click on the down arrow and then click on the Show link.


You’ll have to type in your Windows password in order to decrypt the password.


If you click on Windows Credentials, you’ll see fewer credentials stored here unless you work in a corporate environment. These are the credentials used when connecting to network shares, different computers on the network, or network devices such as a NAS.


In the same way, I’ll also mention how you can view Google Chrome saved passwords. Basically, each browser has the same feature, so you can do the same thing for Firefox, Safari, etc. In Chrome, click on the three dots at the top right and then click on Settings. Scroll down and then click on Passwords.

Under Passwords you will find the Offer to save your web passwords toggle, and below it you can view the saved passwords.


History of the Credential Manager:

According to a 1996 Network Applications Consortium (NAC) study, users in large enterprises spend an average of 44 hours per year performing login tasks to access a set of four applications. The same study revealed that 70 percent of calls to companies’ Help desks were password-reset requests from users who had forgotten a password.

Single sign-on (SSO) is an approach that attempts to reduce the time users spend performing login tasks and the number of passwords users must remember. The Open Group, an international vendor and technology-neutral consortium dedicated to improving business efficiency, defines SSO as the “mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.”

SSO solutions come in two flavors: solutions that deal with one set of user credentials and solutions that deal with multiple sets of user credentials.

A good example of the first type of solution is a Kerberos authentication protocol-based SSO setup.

A good example of the second type of solution is the Credential Manager. Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP. It’s based on a secure client-side credential-caching mechanism.

The Windows 2000 (and earlier) requirement that users must re-enter the same credentials whenever they access resources on the same Internet or intranet server can be frustrating for users, especially when they have more than one set of credentials. Administrators often must cope with the same frustration when they have to switch to alternative credentials to perform administrative tasks. Credential Manager solves these problems.

Conclusion:

Browser-stored passwords make it easy for hackers to get inside your network. Allowing a browser to “remember” passwords can pose a major security risk because:

  • Password recovery tools can easily find these passwords.
  • Browsers typically do not use strong encryption for these passwords.
  • Users do not monitor and rarely change these passwords once they store them in their browser.

DO NOT USE THE “REMEMBER PASSWORD” FEATURE ON APPLICATIONS SUCH AS WEB BROWSERS (Google Chrome, Mozilla Firefox, Safari, Internet Explorer etc.)

For IT Admins:

Get your FREE Browser-Stored Password Discovery Tool from Thycotic to quickly and easily identify risky storage of passwords in web browsers among your Active Directory users. You get reports that identify:

  • Top 10 common machines with browser-stored passwords
  • Top 10 common users with browser-stored passwords
  • Top 10 most frequently used websites with browser-stored passwords

The Browser-Stored Password Discovery Tool is free. You can re-run the Browser-Stored Password Discovery Tool at any time to identify browser password risks and help enforce compliance with web browser security policies.

Source: online-tech-tips, digitalcitizen, techgenix


Security issues caused by the WebRTC feature in Chrome browser

What is WebRTC?

Web Real-Time Communication (WebRTC) is a collection of communications protocols and APIs originally developed by Google that enables real-time voice and video communication over peer-to-peer connections.

WebRTC is a set of protocols and APIs that allow web browsers to request real-time information from the browsers of other users, enabling real-time peer-to-peer and group communication including voice, video, chat, file transfer, and screen sharing.

WebRTC implements STUN (Session Traversal Utilities for NAT), a protocol that allows the discovery of your externally assigned IP address as well as your local IP address.


How secure is WebRTC?

WebRTC works from browser to browser: you don’t need to download any software or plugins in order to set up a video conference or VoIP call. All the security that you need is already contained within your browser and the WebRTC platform. Some of the built-in security features of the WebRTC platform include:

  • End-to-end encryption between peers
  • Datagram Transport Layer Security (DTLS)
  • Secure Real-time Transport Protocol (SRTP)

End-to-End Encryption

Encryption is built into WebRTC as a permanent feature and addresses all security concerns effectively. Regardless of what server or compatible browser you’re using, private peer-to-peer communication is safe thanks to WebRTC’s advanced end-to-end encryption features.

Datagram Transport Layer Security (DTLS)

Any data that is transferred through a WebRTC system is encrypted using Datagram Transport Layer Security. This encryption is already built into compatible web browsers (Firefox, Chrome, Opera) so that eavesdropping or data manipulation can’t happen.

Secure Real-time Transport Protocol (SRTP)

In addition to offering DTLS encryption, WebRTC also encrypts media through the Secure Real-time Transport Protocol, which safeguards IP communications from hackers, so that your video and audio data is kept private.

Camera and Microphone Security

Unlike some other video and audio conferencing software, WebRTC requires the user to enable access to their microphone and camera before communications begin. Typically, a pop-up box will appear in your web browser, asking you to allow the program access. The image below shows what a webcam and microphone permission pop-up might look like in the Chrome browser.

Security issue caused by the WebRTC feature in Chrome

It is well known that the WebRTC feature in Chrome will leak your IP address even if you are behind a proxy server or using a VPN service. Most people who do not use a proxy or VPN reveal their IP address to every web server they visit anyway, and the IP address is the most easily accessible piece of information for tracking a website visitor.

At a minimum, big companies such as Google and Facebook use IP addresses to analyze your habits and behavior and to send you highly targeted ads. While most people are fine with targeted ads, there are people who don’t want to be tracked at all, for whatever reason. They will choose to use either a proxy or a VPN service to avoid being tracked. However, in a browser which supports WebRTC, including Chrome, Slimjet and Firefox, the website owner can easily obtain not only the visitor’s true IP address but also their local network address, with a simple piece of JavaScript.

In addition to that, the WebRTC Media Device Enumeration API also enables the website owner to obtain a unique media device id from the user, which can be used to uniquely identify the visitor.
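The check that WebRTC leak-test sites perform can be reproduced over the ICE candidate lines a browser emits (in a browser they arrive as `RTCPeerConnection` `onicecandidate` events; here they are embedded). The following JavaScript is an added example written for this page, not code from the original post or from any of the sources it cites. The candidate lines, addresses and the mDNS host name are constructed sample data.

```javascript
// Added example: classify the ICE candidates a browser exposes through WebRTC,
// i.e. the logic behind a "WebRTC leak test". Candidate lines are constructed
// sample data in the standard SDP "candidate:" attribute format.

const SAMPLE_CANDIDATES = [
  // host candidate: the machine's LAN address (what a VPN/proxy user does not want exposed)
  "candidate:842163049 1 udp 2122260223 192.168.1.23 53479 typ host generation 0",
  // server-reflexive candidate: the public address a STUN server saw, i.e. the real public IP
  "candidate:1853887674 1 udp 1686052607 203.0.113.45 53479 typ srflx raddr 192.168.1.23 rport 53479 generation 0",
  // IPv6 link-local host candidate
  "candidate:750991856 1 udp 2122262783 fe80::1c2d:3b4e:5f60:7a8b 61234 typ host generation 0",
  // relay candidate: the address belongs to the TURN server, not to the user
  "candidate:2365123456 1 udp 41885439 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 53479 generation 0",
  // mDNS-obfuscated host candidate: the local IP is replaced by a random .local name
  "candidate:4059543432 1 udp 2122260223 3f1b2c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d.local 50123 typ host generation 0",
];

// Parse "[a=]candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...".
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// True for addresses that identify the user's local network rather than the internet:
// RFC 1918, loopback, link-local, CGNAT shared space (IPv4); loopback, link-local, ULA (IPv6).
function isPrivateAddress(addr) {
  const ip = addr.toLowerCase();
  if (ip.includes(":")) {
    return ip === "::1" || /^fe[89ab]/.test(ip) || /^f[cd]/.test(ip);
  }
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((n) => Number.isNaN(n) || n < 0 || n > 255)) return false;
  const [a, b] = parts;
  return (
    a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

// Sort candidates into what they reveal about the user. Relay candidates are the
// TURN server's address and are not a leak; ".local" hosts are mDNS-masked.
function assessLeak(lines) {
  const result = { localAddresses: [], publicAddresses: [], maskedHosts: [], relayServers: [] };
  const push = (list, v) => { if (!list.includes(v)) list.push(v); };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (c.type === "relay") { push(result.relayServers, c.address); continue; }
    if (c.address.endsWith(".local")) { push(result.maskedHosts, c.address); continue; }
    if (isPrivateAddress(c.address)) push(result.localAddresses, c.address);
    else push(result.publicAddresses, c.address);
  }
  result.leaksLocal = result.localAddresses.length > 0;
  result.leaksPublic = result.publicAddresses.length > 0;
  return result;
}

if (typeof module !== "undefined") {
  module.exports = { SAMPLE_CANDIDATES, parseCandidate, isPrivateAddress, assessLeak };
}
```

Run over the sample lines, `assessLeak` reports the LAN address and the IPv6 link-local address as local leaks and the server-reflexive address as the public-IP leak, while ignoring the relay (TURN) address. Current Chrome versions replace the local address in host candidates with an mDNS name ending in `.local` for sites that have not been granted camera or microphone access, which is why such hosts are counted as masked rather than leaked.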

How to verify the IP leakage issue caused by WebRTC?

Here are three websites which can let you detect if your browser is liable to the IP leakage issue caused by WebRTC:

Test it: https://www.browserleaks.com/webrtc

How to prevent the IP leakage caused by WebRTC?

WebRTC Control: http://bit.ly/29aqJnt

Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge?

A UX design flaw in Google’s Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on.

AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way.

Here’s the lowdown. Once you give a site permission to use your microphone or camera, Chrome assumes that site will have permission to do so in the future. That means every instance of that site, every page on that site, also has access to your camera and microphone, meaning a sketchy site owner could throw up a pop-under window in the background that’s listening in to everything you say, or worse, listening and set to trigger some action (like recording) when you say specific words or phrases.

For its part, Google doesn’t see it as a problem and says the behavior is in compliance with W3C (the World Wide Web Consortium) standards. Google does have a point: in order for the issue to be a real threat, not only do you have to visit a site that would want to record your speech, you’d have to grant it access to your microphone, and then you’d have to not notice a pop-under window from that site lingering in the background.

Whether or not Google considers this a security vulnerability, the bug is surely a privacy issue, which could be exploited by hackers to launch more sophisticated attacks.

In order to stay on the safer side, simply disable WebRTC, which is easy to do if you don’t need it. But if you require the feature, allow only trusted websites to use WebRTC and, on top of that, watch for any other windows that a site may spawn afterwards.

Following such privacy concerns, even Facebook CEO Mark Zuckerberg and former FBI director James Comey admitted that they put tape on their laptops just to be on the safer side.

Although putting tape over your webcam would not stop hackers or government spying agencies from recording your voice, at least it would prevent them from watching or capturing your live visual feed.

If you want to block your camera and microphone, follow the steps given below:

To improve your Chrome security settings, go to the Settings area, which can be accessed in the top right corner of the browser.

Click on Settings –> Advanced Settings –> Content Settings –> Block Camera and Microphone

or type chrome://settings/content into the Chrome address bar –> Block Camera and Microphone.

  • What Is My Browser – Displays fingerprinting information such as the local and remote IP address, browser, plugins, location, screen resolution and more.
  • JonDonym IP check – http://ip-check.info/?lang=en

Happy and Safe browsing 🙂

Source: ghacks, thehackernews, slimjet, twilio, heimdalsecurity


How to Remove Password from PDF Files

We receive password-protected bank statements, credit card statements, mobile bills and salary slips every month. It’s quite OK to have passwords for PDF files that we rarely use, but the situation changes as we use the file more frequently. It can be monotonous and tiresome to type the password each time you need to open the PDF file. Sometimes we also need to share these PDF files; in such cases, we can remove the password protection from a PDF file by decrypting it. PDF decryption is very easy but usually requires specialized software. In this tutorial, we will see how to remove the password from a PDF file using a different method. The easiest and recommended way to remove the password is to use the Google Chrome browser.

  1. Drag and drop password protected PDF file into Google Chrome browser.
  2. Google Chrome will now prompt you to enter the password of the file. Enter the password and hit Enter to open the file.
  3. Now go to the File menu in Google Chrome and choose Print (or press Ctrl+P on Windows or Cmd+P on Mac). Choose the destination printer as “Save as PDF” and click the Save button.

Google Chrome will now save the PDF to your PC but without the password protection. If you re-open this PDF, it will open without prompting for a password.

source: sandeep singh, Codegena

Top free tools for every Windows desktop

  1. 7-Zip: Every desktop user needs 7-Zip. While Windows 8 (finally!) added the ability to look into ISO files (you still need 7-Zip to see them in Win7), Win8’s Windows Explorer still doesn’t support RAR compressed files, which are becoming more common as Mac use continues to rise. 7-Zip also creates password-protected Zip files, as well as self-extracting Zips.

     You don’t need to register or pay for 7-Zip. To download, go to 7-zip.org

  2. CCleaner:

CCleaner is the number-one tool for cleaning your Windows PC. It protects your privacy online and makes your computer faster and more secure. Easy to use and a small, fast download.

It removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it’s fast (normally taking less than a second to run).

Cleans the following:

Internet Explorer
Temporary files, history, cookies, super cookies, Autocomplete form history, index.dat files.

Firefox
Temporary files, history, cookies, super cookies, download history, form history.

Google Chrome
Temporary files, history, cookies, super cookies, download history, form history.

Opera
Temporary files, history, cookies, super cookies, download history.

Safari
Temporary files, history, cookies, super cookies, form history.

Other Supported Browsers
K-Meleon, Rockmelt, Flock, Google Chrome Canary, Chromium, SeaMonkey, Chrome Plus, SRWare Iron, Pale Moon, Phoenix, Netscape Navigator, Avant and Maxthon.

Windows
Recycle Bin, Recent Documents, Temporary files, Log files, Clipboard, DNS Cache, Error Reporting, Memory Dumps, Jump Lists.

Registry Cleaner
Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more…

Third-party applications
Removes temp files and recent file lists (MRUs) from many apps including Windows Media Player, eMule, Google Toolbar, Microsoft Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more…

  3. Auslogics Duplicate File Finder:

Auslogics Duplicate File Finder is a basic program that allows users to find and delete duplicate files taking up valuable space on their hard drives.

Auslogics Duplicate File Finder is free. It installs and uninstalls without issues. I recommend this program to all users; even those with limited system maintenance experience will find it easy to use.


  4. VLC Media Player:

Simple, fast and powerful media player.

Plays everything: Files, Discs, Webcams, Devices and Streams.

Plays most codecs with no codec packs needed: MPEG-2, DivX, H.264, MKV, WebM, WMV, MP3…

Runs on all platforms: Windows, Linux, Mac OS X, Unix…

Completely free, no spyware, no ads and no user tracking.

Can do media conversion and streaming. To download go to VLC

  5. Revo Uninstaller:

Revo Uninstaller well and truly uninstalls programs, and it does so in an unexpected way. When you use Revo, it runs the program’s uninstaller and watches while the uninstaller works, looking for the location of the program files and for Registry keys that the uninstaller zaps. It then goes in and removes leftover pieces, based on the locations and keys that the program’s uninstaller took out. Revo also consults its own internal database for commonly-left-behind bits, and roots those out as well. To download go to Revo Uninstaller

  6. Recuva:

Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. Recuva works on any re-writable media you have.

If you listen to music on an iPod, Recuva can recover files directly from the iPod’s drive. Even though you can’t access files on your iPod directly, Recuva can. You don’t have to worry about losing music from iTunes or your iPod anymore. To download go to Recuva

  7. Kaspersky TDSSKiller:

The name may lead you to believe that TDSSKiller kills the TDSS rootkit, but the product does much more, simply because so many common rootkits are based on, or derived from, TDSS. The current version detects and removes SST, Pihar, ZeroAccess, Sinowal, Whistler, Phanta, Trup, Stoned, RLoader, Cmoser, and Cidox. Unlike most rootkit killers, this one runs in Windows.

To run the program, fill out the form on the TDSSKiller page and wait for Kaspersky to send you a download link. Download the program and run it (no installer, just an EXE). If any rootkits are found, you’ll be given the opportunity to Delete/Cure, Copy to quarantine, or Skip each identified interloper.

To download go to Kaspersky TDSSKiller

  8. YTD Video Downloader:

YTD Video Downloader is a great solution to grab the media you need, straight from YouTube, Facebook, Vimeo and 60+ other websites. YTD allows you to manage downloads and conversions on the fly.

Key features include:

  • Video Conversion: With YTD you can convert video media to 9 different formats including WMV, AVI and MP3.
  • Conversion Quality: YTD allows you to convert video files in 5 different qualities.
  • Audio Only: With YTD you can grab a video file and then convert the file to audio-only in MP3 format.

To download go to YTD Video Downloader

  9. Secunia PSI:

The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks.

Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC.

Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.

  10. Malwarebytes:

Malwarebytes is different. The free version is designed to run manually (I run mine once a week). Malwarebytes picks up all sorts of creepy crawlies that get past AV programs. When combined with the support on the Malwarebytes forum, Malwarebytes is the ultimate fallback for infected systems, whether you know they’re infected or not. To download go to Malwarebytes.

Source: itworld

Pwnium 2


After the success of the first Pwnium competition held earlier this year, Google has announced a second Pwnium competition, and for Pwnium 2 Google has increased its bug bounty offering to security researchers.

This time it’s putting a total of $2 million in rewards on the table for anyone who can find bugs in its browser, exploit them, and tell Google’s security team the details of their techniques.

The Pwnium 2 will be held on Oct 10th, 2012 at the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia.

Google is offering up to $60,000 for a single working Chrome exploit. While several other companies including Mozilla, PayPal and Facebook offer bug bounties, none publicly offers such a high sum.

This time, Google is sponsoring up to $2 million worth of rewards at the following reward levels:

  • $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
  • $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug.
  • $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.
  • Panel decision: “Incomplete exploit”: An exploit that is not reliable, or an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation. For Pwnium 2, Google wants to reward people who get “part way”, as it could definitely learn from this work. Google’s rewards panel will judge any such work as generously as it can.

Exploits should be demonstrated against the latest stable version of Chrome. Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which Google will be giving away to the best entry). Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel, i.e. not known or fixed on trunk.

source: ehackingnews, google

Chrome vs IE vs Firefox

Browser Security Comparison:

Which is the most secure browser around? According to a newly released study by Accuvant, that’s Google’s Chrome.

New study claims that Chrome is the most secure browser.

From the cellular phone to the desktop, the web browser has become a ubiquitous piece of software in modern computing devices. These same browsers have become increasingly complex over the years, not only parsing plaintext and HTML, but images, videos and other complex protocols and file formats. Modern complexities have brought along security vulnerabilities, which in turn attracted malware authors and criminals to exploit the vulnerabilities and compromise end-user systems.

Google Chrome:

Google, Inc. develops the Google Chrome web browser. Google released the first stable version of Chrome on December 11, 2008. Chrome uses the Chromium interface for rendering, the WebKit layout engine and the V8 JavaScript engine. The components of Chrome are distributed under various open source licenses. Google Chrome versions 12 (12.0.724.122) and 13 (13.0.782.218) were evaluated in this project.

Microsoft Internet Explorer:

Microsoft develops the Internet Explorer web browser. Microsoft released the first version of Internet Explorer on August 16, 1995. Internet Explorer is installed by default in most current versions of Microsoft Windows, and components of Internet Explorer are inseparable from the underlying operating system. Microsoft Internet Explorer and its components are closed source applications. Internet Explorer 9 (9.0.8112.16421) was evaluated in this project.

Mozilla Firefox:

Mozilla develops the Firefox web browser. Mozilla released the first version on September 23, 2002. Firefox uses the Gecko layout engine and the SpiderMonkey JavaScript engine. The components of Firefox are released under various open source licenses. Firefox 5 (5.0.1) was evaluated for this project.

Figures: total vulnerability counts for each browser; vulnerabilities by severity for each browser.

Time to Patch:

The amount of time it takes for a vendor to go from vulnerability awareness to a fix can be seen as a security commitment indicator. However, the reality is not so simple. Internet Explorer has such a deep integration with the Windows operating system that a change in Internet Explorer can have repercussions throughout a much larger code base. In short, the average time to patch is less indicative of a commitment to patch, as it is of complications with providing a good patch.

It is clear that Microsoft’s average time to patch is the slowest. To be fair, this information was based on a much smaller sample set than Firefox and Chrome. Even worse, it may be possible that the advisories for these vulnerabilities had timeline information only because of the fact that they had taken so long to patch.

Firefox comes in second, taking an average of 50 days less than Microsoft to issue a patch. The browser with the fastest average time to patch is Chrome. With an average of 53 days to patch vulnerabilities, they are nearly three times faster than Firefox and slightly more than four times faster than Microsoft.

Figure: average time to patch for all three browsers.

URL Blacklist Services:

The stated intent of URL blacklisting services is to protect a user from him or herself. When a link is clicked inadvertently, via a phishing email or other untrusted source, the browser asks the user “are you sure?” and displays a warning that the site might be unsafe, based on a list of unsafe URLs that is regularly updated as new malware sites go live and are taken offline. Microsoft’s URL Reporting Service (from here forward, “URS”), formerly “Phishing Filter” and referred to in the browser application as “SmartScreen Filter”, was the first to provide this feature, with Google’s Safe Browsing List (“SBL”) following suit later, utilized initially by Mozilla Firefox, and now by Chrome as well as Safari.

Figures: blacklist overview; sandbox overview; JIT hardening overview.

Conclusion:

A sandbox is a mechanism of isolating objects/threads/processes from each other in an attempt to control access to various resources on a system.

Address Space Layout Randomization (ASLR) attempts to make it harder for attackers to answer the question ‘where do I go’. By taking away the assumption of known locations (addresses), the process implementing ASLR makes it much more difficult for an attacker to use well-known addresses as exploitation primitives. One key weakness of ASLR is the ability for one module to ruin it for the rest, a weak link in an overall strong chain.

One of the first steps in compromising a system is achieving arbitrary code execution, the ability to run code provided by the attacker. In traditional exploitation scenarios, this is achieved by providing the compromised application with shellcode, data furnished by the attacker to be run as code. Data Execution Prevention (DEP) addresses the problem of having data run as code directly. DEP establishes rules that state: “Only certain regions of memory in which actual code resides may execute code. Safeguard the other areas by stating that they are non-executable.”

Stack cookies (/GS) address the problem that, through common programming errors, archaic APIs and trusted user input, stack-based buffer overflows have been leveraged to gain code execution on Intel-based architectures.

The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner.

In conclusion, overall browser security needs to be considered when attempting to compare browsers from a security standpoint. Drawing conclusions based solely on one category of protection, such as blacklisted URL statistics, doesn’t give a valid perspective on which browser is most secure. Instead, such statistics should be considered in the context of other mechanisms such as anti-exploitation technologies and malicious plug-in protection, which play a more important role in protecting end users from exploits and persistent malware. By these measures, Google Chrome appears to be the web browser that is most secure against attack.

source: accuvant

Google Chrome hacked with sandbox bypass


VANCOUVER — A Russian university student hacked into a fully patched Windows 7 machine (64-bit) using a remote code execution vulnerability/exploit in Google’s Chrome web browser.

The attack, which included a Chrome sandbox bypass, was the handiwork of Sergey Glazunov, a security researcher who regularly finds and reports Chrome security holes.

Glazunov scored a $60,000 payday for the exploit, which targeted two distinct zero-day vulnerabilities in the Chrome extension sub-system.  The cash prize was part of Google’s new Pwnium hacker contest which is being run this year as an alternative to the more well-known Pwn2Own challenge.

According to Justin Schuh, a member of the Chrome security team, Glazunov’s exploit was specific to Chrome and bypassed the browser sandbox entirely. “It didn’t break out of the sandbox [but] it avoided the sandbox,” Schuh said in an interview.

Schuh described the attack as “very impressive” and made it clear that the exploit “could have done anything” on the infected machine. “He (Glazunov) executed code with full permission of the logged on user.”

“It was an impressive exploit. It required a deep understanding of how Chrome works,” Schuh added. “This is not a trivial thing to do. It’s very difficult and that’s why we’re paying $60,000.”

Glazunov is a regular contributor to Google’s bug bounty program and Schuh raved about the quality of his research work.

Schuh said Glazunov once submitted a similar sandbox bypass bug, but stressed that exploits of this kind, achieving full code execution outside the browser sandbox, form a very small percentage of bug submissions.

Less than 24 hours after Sergey Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws, Google rushed out a patch for Windows, Mac OS X, Linux and Chrome Frame users.

Technical details of the vulnerabilities are being kept under wraps until the patch is pushed out via the browser’s silent/automatic update mechanism.

According to Google’s advisory, the flaws related to universal cross-site scripting (UXSS) and bad history navigation.

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Glazunov’s exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.

The Google browser was also popped by a hacking team from VUPEN, and there’s speculation that a vulnerability in the Flash Player plugin was exploited in that attack. VUPEN co-founder Chaouki Bekrar said that the flaw existed in the default installation of Chrome but declined to say if the faulty code was created by Google or a third-party vendor.

The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser and has always been a tempting target for attackers.

Google is working on putting Flash within the more robust plugin sandbox, and this will happen before the end of this year.

source: zdnet, chromium, pwnium