Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google’s Chrome browser.
“This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system,” the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the “Save As” flaw is the only one that can allow an attacker to launch remote attacks from a victim’s PC. Other vulnerabilities just crash the browser.
The vulnerability is caused by a boundary error when handling the “Save As” function. When a user saves a malicious page with a title tag in the HTML code, the program causes a stack-based overflow, according to Bach Khoa. A hacker could construct a specially crafted Web page that contains malicious code, trick a user into visiting that Web site, and
convince the user to save the page. That will execute the code and give the attacker privileges to remotely use the infected system.
A Google spokesperson said, “”We have released a fix to address this vulnerability. Users will get this fix through an automated update to the browser, so they will not have to take any action to be protected.”
Well I haven’t got any fix till now, atleast I didn’t see my Google Chrome updating atleast.
Read more on this news….
I have started http://gtalkbots.com , based on the example demonstrated here. Try out and Help spreading the word.
I am not a big fan of twitter, but after I heard they do something similar to what I will be demonstrating here. I thought of building this one out. So here is my demo application, also known as GTalk Chat Bot.
Do the following things to get started:
- Add [email protected] in your GTalk Messenger.
- It will collect your status messages as and when you change them.
- You can view all your status messages by visiting this URL : http://abhinavsingh.com/webdemos/chatbot/
- The status messages will reflect at the above URL by the end of the day. (I had to do this because the server where I have my bot running i.e. my VPS is different from where my personal site is hosted, hence we have this restriction)
- Come back anytime after a day and you can see your status messages over time.
I am currently testing this application, which is running 99.99% bug free. Once I am satisfied with it, I will put the code for download with a possible explaination.
Meanwhile enjoy the bot.