Full Disclosure mailing list archives

Bypassing Google Chrome 4 Javascript Filter


From: Manuel Fernández Fernández <mfernandez () informatica64 com>
Date: Wed, 26 May 2010 10:38:00 +0200

Bypassing Google Chrome 4 Javascript Filter
===========================================

Google Chrome 4 included a new Javascript Filter which allows users to disallow Javascript in websites. This filter doesn't allow web sites to execute any Javascript code if the web site is accessed directly.
This protection can be easily bypassed since it is only applied when the web site is accessed as the main page. This means that if the blocked domain site is used in an iframe object, the Javascript filter doesn't block any Javascript code.

POC in Spanish (http://elladodelmal.blogspot.com/2010/05/google-chrome-4-bypassing-javascript.html).
POC in English (http://www.informatica64.com/recursos/Bypassing_Google_Chrome_4_Javascript_Filter.pdf).

Manuel Fernández
Security Consultant
Informática64
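
The following is an added example, not part of the original post and not Chrome's code: a simplified model of the behaviour the post describes, next to a per-frame check, run over a constructed frame tree. All host names, function names and the tree itself are hypothetical.

```javascript
// Simplified model of a per-site JavaScript block list (constructed for
// illustration; not Chrome's implementation). A page is a tree of frames.
const blockedHosts = new Set(["blocked.example"]); // constructed sample host

// Constructed frame tree: an allowed page that embeds the blocked site.
const samplePage = {
  url: "http://allowed.example/index.html",
  children: [
    { url: "http://blocked.example/widget.html", children: [] },
    { url: "http://allowed.example/news.html", children: [] },
  ],
};

const hostOf = (url) => new URL(url).hostname;

// Behaviour described in the post: the decision is made only for the
// document loaded as the main page, and every subframe inherits it.
function topLevelOnlyPolicy(frame, top) {
  return !blockedHosts.has(hostOf(top.url));
}

// Per-frame check: each document is judged by its own host, wherever it
// sits in the tree.
function perFramePolicy(frame, top) {
  return !blockedHosts.has(hostOf(frame.url));
}

// Walk the tree and record the script decision for every frame.
function walk(frame, policy, top = frame, out = []) {
  out.push({ url: frame.url, scriptAllowed: policy(frame, top) });
  for (const child of frame.children) walk(child, policy, top, out);
  return out;
}

// Frames whose host is on the block list but whose script would still run.
function filterGaps(page, policy) {
  return walk(page, policy)
    .filter((f) => f.scriptAllowed && blockedHosts.has(hostOf(f.url)))
    .map((f) => f.url);
}

console.log("top-level only:", filterGaps(samplePage, topLevelOnlyPolicy));
console.log("per frame:     ", filterGaps(samplePage, perFramePolicy));
```

A check like `filterGaps` is the kind of regression test that separates "blocked when visited directly" from "blocked wherever the document loads".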
