Issue metadata
Sign in to add a comment
|
Security: Chrome OS Infected Malware?
Reported by
crew.not...@rocklinusd.org,
Mar 24 2016
|
||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs VULNERABILITY DETAILS Please provide a brief explanation of the security issue. The Chrome base browser is infected with some type of malware or remnants of malware (e.g. maybe not completely removed by the AV software during compiling) All Chrome Browsers I have used try to communicate with 3 different URLs that are completely encoded and are never the same. I was using fiddler on 3 different systems (2 home pcs and 1 work). All our current on AV and patches and no scans resulted in any findings. I left all 3 browser types IE, FF and Chrome open all night thru fiddler and only Chrome showed outgoing requests to the following URLs: HEAD http://vqcsrztub/ HTTP/1.1 Host: vqcsrztub Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.108 Safari/537.36 Accept-Encoding: gzip, deflate HEAD http://mjszfuhqiwttjd/ HTTP/1.1 Host: mjszfuhqiwttjd Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.108 Safari/537.36 Accept-Encoding: gzip, deflate HEAD http://mwfobzjxqynzi/ HTTP/1.1 Host: mwfobzjxqynzi Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.108 Safari/537.36 Accept-Encoding: gzip, deflate Again, this is a new install of chrome, no sites were attempted other than just opening Chrome. As I mentioned, I opened Chrome on my work system and same thing- however the URLs were different, but still grouped in 3s. I have attached my fiddler sessions files so you can see what I am talking about. Please call my cell phone for more information, and if you want a copy of my fiddler file from my work system. My work address is mailto:hanson.nottingham@blueshieldca.com This is my son's school email... oh, my cell is 916 316 3523. Best Regards, Hanson CISSP, GCIH, CEH, MCSE VERSION Chrome Version: [x.x.x.x] + [stable, beta, or dev] Operating System: [Please indicate OS, version, and service pack level] REPRODUCTION CASE Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: [tab, browser, etc.] Crash State: [see link above: stack trace, registers, exception record] Client ID (if relevant): [see link above]
,
Mar 24 2016
omg... seriously. wow! cray cray... that is nuts. But I see the pros on it. Thank you much. Cheers, Hanson
,
Mar 25 2016
as per comment #1 this is working as intended.
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mea...@chromium.org
, Mar 24 2016