Hacker Pwns Google Chrome’s Security Brags with a Plugin
By Chinmoy Kanjilal on July 9th, 2010

Google has made every attempt to keep Chrome secure and safe from hackers. However, it was only a question of days before someone outsmarted their annoying sandbox and today is the day.

Google Chrome has been hacked by a browser plugin! The plugin checks for login account details on Gmail, Twitter and Facebook and runs with the help of jQuery. Once again, this is a proof-of-concept hack and will not leak any information retrieved in the process.

The hack exploits the DOM access that plugins are allowed. It can also be used to steal cookies and hijack sessions, as reported by the hacker, Andreas Grech, on his blog.

He writes,

The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.

By allowing access to the DOM, an attacker can thus read form fields…including username and password fields. This is what sparked my idea of creating this PoC.

The extension I present here is very simple. Whenever a user submits a form, it tries to capture the username and password fields, sends me an email via an Ajax call to a script with these login details along with the URL, and then proceeds to submit the form normally so as to avoid detection.

Google Chrome’s sandbox for plugins just got pwned.

(Source)
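
A defender's check for the risk described above, as an added example that is not from the original post or from Andreas Grech's PoC: a Node.js script that audits an extension's manifest.json for content scripts or host permissions covering every site, which is the access that lets an extension read form fields. The function names and both sample manifests are constructed for illustration; the manifest keys and match-pattern syntax are Chrome's.

```javascript
// Added example: flag extension manifests whose scripts can read the DOM of every site.
// Match-pattern strings are Chrome's documented syntax; the sample manifests are constructed.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// A pattern is "broad" if it is a catch-all or has a bare wildcard host, e.g. https://*/login
function isBroad(pattern) {
  if (BROAD.has(pattern)) return true;
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\//.exec(pattern);
  return m !== null && m[2] === '*';
}

function auditManifest(manifest) {
  const findings = [];
  // Content scripts run inside matching pages and can read form fields there.
  for (const [i, cs] of (manifest.content_scripts || []).entries()) {
    const broad = (cs.matches || []).filter(isBroad);
    if (broad.length) {
      findings.push({ rule: 'content-script-all-sites', where: `content_scripts[${i}]`, patterns: broad });
    }
  }
  // Host patterns live in "permissions" (older manifests) or "host_permissions" (MV3).
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
    .filter((p) => typeof p === 'string');
  const broadHosts = perms.filter(isBroad);
  if (broadHosts.length) {
    findings.push({ rule: 'host-access-all-sites', where: 'permissions', patterns: broadHosts });
  }
  // The "cookies" API plus broad host access exposes session cookies for every site.
  if (perms.includes('cookies') && broadHosts.length) {
    findings.push({ rule: 'cookies-on-all-sites', where: 'permissions', patterns: broadHosts });
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const broadManifest = {
  name: 'sample-broad',
  permissions: ['cookies', 'http://*/*', 'https://*/*'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['jquery.js', 'content.js'] }],
};
const scopedManifest = {
  name: 'sample-scoped',
  permissions: ['storage'],
  content_scripts: [{ matches: ['https://intranet.example/*'], js: ['content.js'] }],
};

console.log(auditManifest(broadManifest).map((f) => f.rule));
console.log(auditManifest(scopedManifest).length);
```

An extension that only needs one site should come out with no findings; any finding is a prompt to read what the listed scripts do before installing.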

Author: Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
  • http://www.bidetinternational.com Bidet

    It's only a matter of time till most things are hacked. The hackers are way too smart for the people creating the security, then the company hires those hackers to do security for them.

  • http://adamdempsey.net Adam Dempsey

    The plugin sandbox is for protection from plugins such as Flash, Java, Silverlight, etc., whereas this vulnerability has come from an extension, which a user has to agree to install, so a bit different :-)

  • smokes

    niice :)

    tho with this Chrome will be more secure (I mean when they will fix this)

  • http://www.mezzi.com/ Aluminum Laptop Case

    Hacking anything related to Google has got to be satisfying. In this case it sounds like a rather big security loophole. Most people aren't too careful with which extensions they agree to install. So it would be easy to include this hack as part of another extension that they do want.

  • http://www.techarraz.com Chinmoy Kanjilal

    This hack was a proof of concept and worked on the local machine only. However, now that it is known that extensions can access the DOM, people will try and write more hacks. Currently, the user needs to allow the extension this access.
    In short, it is not a serious security threat as long as you install extensions which are known to be safe.

 