List: full-disclosure
Subject: [Full-disclosure] Bypassing Google Chrome 4 Javascript Filter
From: Manuel__Fernández_Fernández
Date: 2010-05-26 8:38:00
Message-ID: 43170596EEB8A1418A45AA8BF3205C230E3DDF2201 () Fenix ! i64 ! local
Bypassing Google Chrome 4 Javascript Filter
===========================================
Google Chrome 4 included a new JavaScript filter which allows users to disallow JavaScript on
websites. This filter doesn't allow web sites to execute any JavaScript code if the web site
is accessed directly. This protection can be easily bypassed, since it is only applied when the
web site is accessed as the main page. This means that if the blocked domain is used in an
iframe object, the JavaScript filter doesn't block any JavaScript code.
POC in Spanish (http://elladodelmal.blogspot.com/2010/05/google-chrome-4-bypassing-javascript.html).
POC in English (http://www.informatica64.com/recursos/Bypassing_Google_Chrome_4_Javascript_Filter.pdf).
Manuel Fernández
Security Consultant
Informática64
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
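
The behaviour described in the message above, as an added example that is not part of the original post and is not Chrome's code: a simplified model of a per-site JavaScript blocklist, where the decision is taken once from the main page's host, next to a variant that checks each frame's own host. The frame objects, function names and the hosts blocked.example and host.example are assumptions constructed for illustration.

```javascript
// Simplified model, constructed for illustration (not Chrome's implementation).
// A frame is { url, children }; blockedHosts is the user's "no JavaScript" list.

function hostOf(url) {
  return new URL(url).hostname;
}

// Collects one decision per frame, depth first, using the supplied rule.
function decide(mainFrame, rule) {
  const out = [];
  (function walk(frame) {
    out.push({ url: frame.url, scriptsAllowed: rule(frame) });
    (frame.children || []).forEach(walk);
  })(mainFrame);
  return out;
}

// Behaviour described in the post: the blocklist is consulted for the main
// page only, and every embedded frame inherits that single decision.
function decideTopLevelOnly(mainFrame, blockedHosts) {
  const allow = !blockedHosts.has(hostOf(mainFrame.url));
  return decide(mainFrame, () => allow);
}

// Per-frame variant: each frame is matched against the blocklist by its own host.
function decidePerFrame(mainFrame, blockedHosts) {
  return decide(mainFrame, (frame) => !blockedHosts.has(hostOf(frame.url)));
}

// Frames where the two rules disagree: a blocked host that still runs script.
function findGaps(mainFrame, blockedHosts) {
  const perFrame = decidePerFrame(mainFrame, blockedHosts);
  return decideTopLevelOnly(mainFrame, blockedHosts)
    .filter((d, i) => d.scriptsAllowed && !perFrame[i].scriptsAllowed)
    .map((d) => d.url);
}

// Constructed sample frame trees.
const blocked = new Set(["blocked.example"]);
const direct = { url: "http://blocked.example/", children: [] };
const framed = {
  url: "http://host.example/",
  children: [{ url: "http://blocked.example/page", children: [] }],
};

console.log("direct visit gaps:", findGaps(direct, blocked));
console.log("framed visit gaps:", findGaps(framed, blocked));
```
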