Issue 2877: Advisory - Google Chrome Window Object Suppressing Denial of Service http://code.google.com/p/chromium/issues/detail?id=2877
New issue report by Adi.ZeroK: *Issue:*** The Google chrome browser is vulnerable to window object based denial of service attack. The Google Chrome fails to sanitize a check when window.close() function is called. The window.close() function is called in a suppressed manner by default which makes it vulnerable to denial of service attack. This inability of Google Chrome diversifies the attack pattern as number of events can execute this function without a security check,prompting a user to allow the event to trigger. This security issue is a result of design flaw in the browser.Scripts must not close windows that were not opened by script, if script specific code is designed.. *Proof of Concept* *http://www.secniche.org/gws/gws.zip* <http://www.secniche.org/gws> **http://www.secniche.org/gws/gws.rar* <http://www.secniche.org/gws>* Your response awaited asap. Regards Aditya K Sood http://www.secniche.org Issue attributes: Status: Unconfirmed Owner: [EMAIL PROTECTED] Labels: Type-Bug Pri-2 OS-All Area-Unknown -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
