Chrome extensions crocked with simple attack

Status
Not open for further replies.
L

LabZero

Thread author
Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted without requiring intervention.

"After some hours of analysis I managed to disable it (HTTPS Everywhere) by just viewing a HTML page," Karlsson says.

"In fact, I managed to disable any extension and most without any user interaction."

Karlsson published a proof-of-concept attack that will disable HTTPS Everywhere by corrupting it.

The flaw does not reside in the extension and affects users who have not applied automatic Chrome updates.

54457457457.jpg

Borked

Extensions are corrupted when websites attempt to access the Chrome extension URI handler. A malicious link can be constructed to issue ping attribute requests triggering corruption when users click.

Read more: http://www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/
 

MagicTrout

Level 1
Verified
Jun 20, 2015
24
I was thinking about making the change to Opera anyway ever since NPAPI plugins aren't supported meaning I can't play BF4 through Chrome
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top