Issue metadata
Sign in to add a comment
|
DLL Injection
Reported by
mahendra...@gmail.com,
Apr 14 2016
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Found DLL injection in the google chrome. Successfully injected the injectdll.dll into the google chrome process address space. DLL is successfully executed and temp file is created. likewise we can create windows user also by writing DLL for the same. VERSION Chrome Version: Version 50.0.2661.75 m Operating System: Windows 7 Professional Service Pack1 REPRODUCTION CASE 1)Create A DLL File to inject into process. 2)Pass Process ID and DLL file path as input to the program. 3)Execute the program written in C++ to inject the DLL into the chrome memory address space. 4)On successful exploitation DLL file will be injected into process address space and executed. 5)On DLL file execution temp file will be created as i have written the same code for DLL file.
,
Apr 14 2016
The Same attack is restricted by other application as they don't allow to execute the unwanted DLL.
,
Jul 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by tsepez@chromium.org
, Apr 14 2016