Issue metadata
Sign in to add a comment
|
chrome 49.0.2623.108 within the suspicious search path vulnerability.
Reported by
chenjie2...@gmail.com,
Mar 29 2016
|
||||||||||||||||||
Issue descriptionchrome 49.0.2623.108 within the suspicious search path vulnerability. Local users kbdus.dll Trojan file in the current directory, and can be upgraded.
,
Mar 29 2016
Thank you for your report. Can you be more specific about the vulnerability? Where does kdbus.dll have to be placed?
,
Mar 29 2016
Anyone with the ability to write to Chrome's program directory is already running at a privilege level that they could bypass anything Chrome could do to prevent it e.g. place or modify operating system files, install a backdoor etc etc. Chrome cannot defend itself against this type of attack and it is specifically excluded from our threat model. See https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
,
Mar 29 2016
oh , i know ..3q
,
Mar 29 2016
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by chenjie2...@gmail.com
, Mar 29 2016