Tag: Windows 7

Google extends Chrome support for Windows 7

· Leave a comment ·

Google has decided to extend Chrome support for Windows 7 for another six months beyond its original plan in order to give customers more time if their Windows 10 migration plans were delayed by the COVID-19 pandemic. 

In January, Google said Chrome support would continue until at least July 2021, but that was a few months before the pandemic struck. 

Google has now confirmed that Chrome will support Windows 7 until at least January 15, 2022. After that date customers cannot be guaranteed of receiving security updates for Chrome on Windows 7. 

Microsoft ended free support of Windows 7 on January 14, 2020. However, businesses had the option to pay for Extended Security Updates for Windows 7.

Organizations in some sectors such as healthcare struggled to upgrade to Windows 10 by the that deadline. 

Source: zdnet, flaticon

The End Of Life (EOL) for Windows 7

· Leave a comment ·

A new reminder for those who are still holding on to the Windows 7 operating system, you have 9 months left until Microsoft ends support for its 9-year-old operating system, i.e. on January 14, 2020.

Windows-7

This was actually supposed to have happened already, but due to many industries with applications that do not support anything above Windows 7, the EOL date was extended. However, as with everything, the end has come.

With the Windows 7 End of Life date now rapidly approaching, Microsoft is keen to make sure people know that support for the operating system is ending, and wants to encourage people to move from the operating system.

So, the company is releasing an update to Windows 7 – KB4493132 – which will display notifications reminding Windows 7 users to upgrade to Windows 10 before the End of Life date.

Microsoft actually ended mainstream support for Windows 7 on January 13, 2015, which meant new features stopped being added, and warranty claims were no longer valid.

However, during the extended support phase, which Windows 7 entered after the end of its mainstream support, the operating system has still been patched and updated to make sure security issues and bugs are fixed.

Windows 7 End of Life: what happens next?

When Windows 7 reaches its End of Life phase on January 14, 2020, Microsoft will stop releasing updates and patches for the operating system. It’s likely that it also won’t offer help and support if you encounter any problems.

However, that doesn’t mean Windows 7 will stop working on January 14, 2020 – you’ll still be able to use Windows 7 for as long as you want. So the good news is that you’re not going to wake up on January 15 to find your Windows 7 PC no longer boots up.

But just because you can continue to use Windows 7 in its End of Life status, it doesn’t mean you should.

The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security problems once it enters End of Life, and this leaves you extremely vulnerable to any emerging threats.

What’s more, if a large number of people continue to use Windows 7 after the End of Life date, that could actually be a big incentive for malicious users to target viruses and other nasties at Windows 7.

So, while Windows 7 will continue to work after January 14, 2020, you should start planning to upgrade to Windows 10, or an alternative operating system, as soon as possible.

Windows 7 End of Life: what should you do?

So, if you still use Windows 7, what should you do? There are a number of things I would recommend you do in preparation for Windows 7 End of Life, and the first is to consider upgrading to a newer operating system.

While you have a number of choices when moving operating systems, for many people, the obvious and simplest option is to upgrade to Windows 10.

Windows 7 End of Life: upgrading to Windows 10

Upgrading from Windows 7 to Windows 10 has a number of benefits. For a start, because both operating systems are made by Microsoft the upgrade process is relatively easy, and in many cases, you can keep your files on your PC.

Windows 7 End of Life: moving to Linux

The most cost-effective way of preparing for Windows 7 End of Life is to switch operating systems altogether and install Linux on your machine.

Windows 7 End of Life: switch to Mac

Finally, you could use Windows 7’s End of Life as a reason to dip your toe into Apple’s ecosystem. Apple has a well-deserved reputation for building gorgeously-designed hardware that uses its macOS operating system, which is both easy to use and secure against internet threats.

Windows 7 End of Life: back up your documents

No matter which route you take, you should make sure that your documents are safely backed up. If you’re upgrading to Windows 10 from Windows 7 on the same machine the transfer of your files is part of the process, but it’s best to back up just in case something goes wrong.

Source: irissol, the hackernews, techradar

Stop using the insecure SMBv1/SMB1 protocol

· Leave a comment ·

The recent WannaCry ransomware outbreak spread because of a vulnerability in one of the internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1 / SMB 1).

Barry Feigenbaum originally designed SMB at IBM. Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product.

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for the world that no longer exists. The world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed through modern eyes.

The Server Message Block, or SMB, protocol is a file sharing protocol that allows operating systems and applications to read and write data to a system. It also allows a system to request services from a server.

This is the protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

In computer networkingServer Message Block (SMB), one version of which was also known as Common Internet File System (CIFS) operates as an application-layer network protocol.

There have been numerous vulnerabilities tied to the use of Windows SMB v1, including remote code execution and denial-of-service exploits. These two vulnerabilities can leave a system crippled, or allow attackers to compromise a system using this vulnerable protocol.

Protocol Version Windows OS
SMB 1 Windows 2000, Windows 2003, Windows XP
SMB 2 Windows Server 2008 and Windows Vista SP1
SMB 2.1 Windows Server 2008 R2 and Windows 7
SMB 3.0 Windows Server 2012 and Windows 8
SMB 3.0.2 Windows Server 2012 R2 and Windows 8.1
SMB 3.1.1 Windows Server 2016 and Windows 10

SMB 1 protocol permits man-in-the-middle exploits and it “isn’t safe” to use. An attacker can use SMB 2 to pull information from the insecure SMB 1 protocol if it exists in a network.

The nasty bit is that no matter how you secure all these things if 
your clients use SMB1, then a man-in-the-middle can tell your client
to ignore all the above. All they need to do is block SMB2+ on 
themselves and answer to your server's name or IP.Your client will 
happily derp away on SMB1 and share all its darkest secrets unless
you required encryption on that share to prevent SMB1 in the first 
place. This is not theoretical-- we've seen it.

                 ~ Ned Pyle, a Principal Program Manager, Microsoft

 

How to remove SMB V1 /SMB 1 in Windows OS?

Windows 8.1 and Windows 10:

Method-1: Open Control Panel (just start typing Control in the search box to find its shortcut quickly). Click Programs, and then click Turn Windows features on or off (under the Programs heading). Or

Start –> Run –> Type appwiz.cpl –> press enter –> Click Turn Windows features on or off

Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That’s it; you’re protected.

SMB1

Method-2:  open a Windows PowerShell prompt with administrative privileges. In the Windows 10 Creators Update, version 1703, right-click the Start button and choose Windows PowerShell (Admin) from the Quick Link menu.) If you’re running an earlier Windows 10 version, enter Windows PowerShell in the search box, then right-click the Windows PowerShell shortcut and click Run as administrator. From that elevated PowerShell prompt, type the following command:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Press Enter and you’re done.

Note You must restart the computer after you make these changes.

Windows 2012 R2, and Windows Server 2016:

Method-1: Launch Server Manager from Command Line.

Press the Windows key + R to open the Run box, or open the Command Prompt. Type ServerManager and press Enter.

Run

Or Launch Server Manager from Taskbar

Task bar

On Server, the Server Manager approach:

image495

Method-2: On Server, the PowerShell approach (Remove-WindowsFeature FS-SMB1):

Remove-WindowsFeature Name FS-SMB1

image496

On legacy operating systems:

When using operating systems older than Windows 8.1 and Windows Server 2012 R2, you can’t remove SMB1 – but you can disable it.

Windows 8 and Windows Server 2012:

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. (A cmdlet is a lightweight command that is used in the Windows PowerShell environment.)

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

  •  To enable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

 Windows Server 2008 R2 and Windows Server 2008:

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 -Force

  • To enable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 1 -Force

 Note You must restart the computer after you make these changes.

Registry Editor:

Important

This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to backup, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:  322756 How to backup and restore the registry in Windows

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

Windows Vista, Windows 7, and Windows 8:

  • To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

  • To enable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

Source: Microsoftzdnettechnet.microsoftredmondmagtop-password, techtargetwindowsitpro

There’s an important UPDATE that there’s no UPDATE

· Leave a comment ·

Microsoft blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others.

Don’t panic, this new policy doesn’t mean that all Windows 7 and 8.1 users will not be able to receive latest updates in general because Microsoft has promised to support Windows 7 until 2020, and Windows 8.1 until 2023.

But those who have upgraded their machines running older versions of Windows to the latest processors, or manually downgraded their new laptops to run Windows 7/8.1 would be out of luck.

Last week, Microsoft published Knowledge Base article, with the title “‘Your PC uses a processor that isn’t supported on this version of Windows’ error when you scan or download Windows updates”, suggesting that the restriction was now being enforced.

In the article, Microsoft describes the “symptoms” of the error as:

When you try to scan or download updates through Windows Update, you receive the following error message:

Unsupported Hardware
Your PC uses a processor that isn’t supported on this version of Windows and you won’t receive updates.

Additionally, you may see an error message on the Windows Update window that resembles the following:

Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Error(s) found:
Code 80240037 Windows Update encountered an unknown error.

The “cause” of the error being:

This error occurs because new processor generations require the latest Windows version for support. For example, Windows 10 is the only Windows version that is supported on the following processor generations:

  • Intel seventh (7th)-generation processors (“Kaby Lake”) or a later generation
  • AMD “Bristol Ridge”
  • Qualcomm “8996”

Because of how this support policy is implemented, Windows 8.1 and Windows 7 devices that have a seventh generation or a later generation processor may no longer be able to scan or download updates through Windows Update or Microsoft Update.

Users would require upgrading their systems to the newest version of Windows, i.e. Windows 10, despite Windows 7 being supported to 2020 and Windows 8.1 to 2023.
Microsoft announced this limitation in January 2016, when the company said making Windows 7 and Windows 8.1 OSes run on the latest processors was “challenging.”

“For Windows 7 to run on any modern silicon, device drivers and firmware need to emulate Windows 7’s expectations for interrupt processing, bus support, and power states- which is challenging for Wi-Fi, graphics, security, and more,” Terry Myerson, VP of Microsoft’s Windows and Devices Group, said last year.

The initial announcement also included PCs that use 6th-generation Intel processors (“Skylake”), but Microsoft backed off on its plan and released a list of Skylake-based systems that will be fully supported to receive security updates through the official end of support phase for Windows 7 and Windows 8.1, i.e. January 14, 2020, and January 10, 2023, respectively.

This end of updates for new devices doesn’t come as a surprise to some PC owners, as Microsoft is making every effort to run its latest Windows on all Windows computers since the launch of Windows 10.

An alarm for those still running Windows Vista on their machines: The operating system will no longer receive security updates, non-security hotfixes, paid assisted supports, or online technical updates from Microsoft beginning April 11, 2017.

So, it’s high time for Windows Vista users to upgrade their PCs to the latest version of Windows operating system in order to protect your devices from malware or other security threats.

Source: Microsoft, The hacker news, Beta News

How to: Determine Which .NET Framework Versions Are Installed

· Leave a comment ·

Users can install and run multiple versions of the .NET Framework on their computers. When you develop or deploy your app, you might need to know which .NET Framework versions are installed on the user’s computer.

Note that the .NET Framework consists of two main components, which are versioned separately:

  • A set of assemblies, which are collections of types and resources that provide the functionality for your apps. The .NET Framework and assemblies share the same version number.
  • The common language runtime (CLR), which manages and executes your app’s code. The CLR is identified by its own version number.

To get an accurate list of the .NET Framework versions installed on a computer, you can view the registry.

To find .NET Framework versions by viewing the registry (.NET Framework 1-4)

  1. On the Start menu, choose Run.
  2. In the Open box, enter regedit.exe.

You must have administrative credentials to run regedit.exe.

3. In the Registry Editor, open the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP

The installed versions are listed under the NDP subkey. The version number is stored in the Version entry. For the .NET Framework 4 the Version entry is under the Client or Full subkey (under NDP), or under both subkeys.

1 Frame work

To find .NET Framework versions by viewing the registry (.NET Framework 4.5 and later)

  1. On the Start menu, choose Run.
  2. In the Open box, enter regedit.exe.

You must have administrative credentials to run regedit.exe.

3. In the Registry Editor, open the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\V4\Full

Note that the path to the Full subkey includes the subkey Net Framework rather than .NET Framework.

2 Framework

Check for a DWORD value named Release. The existence of the Release DWORD indicates that the .NET Framework 4.5 or newer has been installed on that computer.

IC664979

The value of the Release DWORD indicates which version of the .NET Framework is installed.

Net Frame work

Source: Microsoft

You cannot modify the Hosts file or the Lmhosts file in Windows 7 and Windows 10

· 1 Comment ·

When you try to change the Hosts file or the Lmhosts file in Microsoft Windows 10, or Windows 7, you may receive an error message that resembles either of the following.

Error message 1

Access to C:\Windows\System32\drivers\etc\ hosts was denied

Error message 2

Cannot create the C:\Windows\System32\drivers\etc\hosts file.
Make sure that the path and file name are correct.

This issue occurs even though you log on by using an account that has administrative credentials.

WORKAROUND

 

To work around this issue, follow these steps:

  • Click Start 1, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator.

2If you are prompted for an administrator password or for a confirmation, type the    password, or click Allow or Yes.

  • Open the Hosts file or the Lmhosts file, make the necessary changes, and then click Save on the Edit  If using Windows 7, you will need to click Save on the File menu.

source: Microsoft

How to find system up-time on Windows 7, 8 & 2008 Server

· 2 Comments ·

If you leave your computer on for extended periods of time, it’s usually a good idea to perform a reboot now and then. Furthermore, if you’re managing multiple computers, it’s difficult to remember when each received a reboot. That’s why Windows keeps track of your total up-time and the last time your computer booted for you. Here’s how to access those pieces of information:

To find total up-time:

Step 1: Launch the task manager. You can do this in one of three ways:

Choice 1: Press Ctrl+Alt+Delete. On the screen that appears, select Start Task Manager.

Choice 2: Right click on the taskbar and select Start Task Manager.

Choice 3: Press CtrlL+Shift+Esc to launch the task manager directly.

Step 2: In this window, click on the Performance tab.

Task Manager-1

Task Manager

Step 3:  Your system’s up-time is displayed next to Up Time (highlighted in the above picture) in the format of Days: Hours: Minutes: Seconds

To find last boot date:

Go to Start  –> Run –> cmd

cmd

In the command prompt, run the following commands: systeminfo | find /i “Boot Time”

-or-

systeminfo | find “Time:”

-or-

systeminfo | find “System Boot Time”

cmd-1

Cheers,

Happy Computing 🙂

source: cnet, superuser, serverfault

Microsoft Names Satya Nadella Its New CEO

· Leave a comment ·

Microsoft Names Satya Nadella Its New CEO:

Microsoft Corp.  Announced that its Board of Directors has appointed Satya Nadella as Chief Executive Officer and a member of the Board of Directors effective immediately.  Before being named CEO in February 2014, Nadella held leadership roles in both enterprise and consumer businesses across the company.

Satya Nadella

Joining Microsoft in 1992, he quickly became known as a leader who could span a breadth of technologies and businesses to transform some of Microsoft’s biggest product offerings.

Most recently, Nadella was executive vice president of Microsoft’s Cloud and Enterprise group. In this role he led the transformation to the cloud infrastructure and services business, which outperformed the market and took share from the competition. Previously, Nadella led R&D for the Online Services Division and was vice president of the Microsoft Business Division. Before joining Microsoft, Nadella was a member of the technology staff at Sun Microsystems.

Satya

Originally from Hyderabad, India, Nadella lives in Bellevue, Wash. He earned a bachelor’s degree in electrical engineering from Mangalore University, a master’s degree in computer science from the University of Wisconsin – Milwaukee and a master’s degree in business administration from the University of Chicago. He is married and has three children.

“During this time of transformation, there is no better person to lead Microsoft than Satya Nadella,” said Bill Gates, Microsoft’s Founder and Member of the Board of Directors. “Satya is a proven leader with hard-core engineering skills, business vision and the ability to bring people together. His vision for how technology will be used and experienced around the world is exactly what Microsoft needs as the company enters its next chapter of expanded product innovation and growth.”

Since joining the company in 1992, Nadella has spearheaded major strategies and technical shifts across the company’s portfolio of products and services, most notably the company’s move to the cloud and the development of one of the largest cloud infrastructures in the world supporting Bing, Xbox, Office and other services. During his tenure overseeing Microsoft’s Server and Tools Business, the division outperformed the market and took share from competitors.

all

Microsoft is one of those rare companies to have truly revolutionized the world through technology, and I couldn’t be more honoured to have been chosen to lead the company,” Nadella said. “The opportunity ahead for Microsoft is vast, but to seize it, we must focus clearly, move faster and continue to transform. A big part of my job is to accelerate our ability to bring innovative products to our customers more quickly.”

“Having worked with him for more than 20 years, I know that Satya is the right leader at the right time for Microsoft,” said Steve Ballmer, who announced on Aug. 23, 2013 that he would retire once a successor was named. “I’ve had the distinct privilege of working with the most talented employees and senior leadership team in the industry, and I know their passion and hunger for greatness will only grow stronger under Satya’s leadership.”

Microsoft also announced that Bill Gates, previously Chairman of the Board of Directors, will assume a new role on the Board as Founder and Technology Advisor, and will devote more time to the company, supporting Nadella in shaping technology and product direction. John Thompson, lead independent director for the Board of Directors, will assume the role of Chairman of the Board of Directors and remain an independent director on the Board.

Nadella addressed customers and partners for the first time as CEO during a Customer and Partner Webcast event.

https://az169342.vo.msecnd.net/events/2014/1402/PublicEvent/media/Customer_Partner_Webcast_1000k.mp4

How peoples’ lives are changed through Microsoft technology with a Super Bowl ad. This one-minute ad celebrates what technology can do, and is narrated by Steve Gleason, former NFL player and post-Katrina hero of the New Orleans Saints, now living with ALS. Steve narrates the spot in the same way he communicates daily — using his Surface Pro to speak, via eye tracking technology

Source: Microsoft

Microsoft warns of security risk:Disable Windows Sidebar and Gadgets on Vista and Windows 7

· 2 Comments ·

Microsoft recommending that all users disable the Windows Sidebar and Gadgets — immediately.

“Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets,” states a security advisory released July 10 by Microsoft.

An attacker who successfully exploited Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Gadget/widget:

Gadgets are those little mini-applications, resembling animated icons that hang around the desktop to tell you the time, weather, news headlines and so on. (Other software makers, including Apple and Yahoo!, call them “widgets.”)

Gadgets and the Windows Sidebar they live in, first appeared in 2007 as a default setting in Vista.

Windows 7 has Gadgets built in as well, but they’re turned off by default. Instead of being in a sidebar pinned to the right edge of the screen, Gadgets are in a floating window that can be placed anywhere on the desktop.

If you’re using Windows7 OS and want to see them, right-click on your desktop and select “Gadgets.”

The page where Microsoft used to host additional Gadgets for download now states, “The Windows website no longer hosts the gadget gallery.”

“Microsoft hasn’t issued a security patch to fix the vulnerability,” “They’re suggesting you completely nuke your Windows Sidebar and Gadgets.”

Applying the automated Microsoft Fix It solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality.

 Gadgets have not yet appeared in the preview versions of Windows 8, due this fall, and likely never will.

Click on the below link to download Microsoft Fix It.

http://support.microsoft.com/kb/2719662

Source: Microsoft, msn

Google Chrome hacked with sandbox bypass

· 3 Comments ·

Google Chrome hacked with sandbox bypass:

VANCOUVER — A Russian university student hacked into a fully patched Windows 7 machine (64-bit) using a remote code execution vulnerability/exploit in Google’s Chrome web browser.

The attack, which included a Chrome sandbox bypass, was the handiwork of Sergey Glazunov, a security researcher who regularly finds and reports Chrome security holes.

Glazunov scored a $60,000 payday for the exploit, which targeted two distinct zero-day vulnerabilities in the Chrome extension sub-system.  The cash prize was part of Google’s new Pwnium hacker contest which is being run this year as an alternative to the more well-known Pwn2Own challenge.

According to Justin Schuh, a member of the Chrome security team, Glazunov’s exploit was specific to Chrome and bypassed the browser sandbox entirely.  ”It didn’t break out of the sandbox [but] it avoided the sandbox,” Schuh said in an interview.

Schuh described the attack as “very impressive” and made it clear that the exploit “could have done anything” on the infected machine.  ”He (Glazunov) executed code with full permission of the logged on user.”

“It was an impressive exploit.  It required a deep understanding of how Chrome works,” Schuh added. ”This is not a trivial thing to do.  It’s a very difficult and that’s why we’re paying $60,000.

Glazunov is a regular contributor to Google’s bug bounty program and Schuh raved about the quality of his research work.

Schuh said Glazunov once submitted a similar sandbox bypass bug but stressed that these kinds of full code execution that executes code outside the browser sandbox form a very small percentage of bug submissions.

Less than 24 hours after Sergey Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws, Google rushed out a patch for Windows, Mac OS X, Linux and Chrome Frame users.

Technical details of the vulnerabilities are being kept under wraps until the patch is pushed out via the browser’s silent/automatic update mechanism.

According to Google’s advisory, the flaws related to universal cross-site scripting (UXSS) and bad history navigation.

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Glazunov’s exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.

The Google browser was also popped by a hacking team from VUPEN and there’s speculation that a vulnerability in the Flash Player plugin was exploited in that attack.  VUPEN co-founder Chaouki Bekrar told that the flaw existed in the default installation of Chrome but declined to say if the faulty code was created by Google or a third-party vendor.

The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser and has always been a tempting target for attackers.

Google is working on putting Flash within the more robust plugin and  this will happen before the end of this year.

source: zdnet,chromium,pwnium