New issue
Advanced search Search tips

Issue 726231 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

I found a new Remote Code Execution

Reported by flecvid...@gmail.com, May 25 2017

Issue description

 Successful exploitation may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Category : International Exploit
Risk : Security Risk High





VULNERABILITY DETAILS
A vulnerability has been discovered in Google Chrome, which could result in remote code execution. Google Chrome is a web browser used to access the Internet.I know you guys know that Google Chrome is a web browser but[a bit formal ]. This vulnerability which i discovered can be exploited if a user visits, or is redirected to, a specially crafted web page.

VERSION
Chrome Version: Google Chrome	58.0.3029.110 (Official Build) (64-bit)
Operating System: Windows 7
JavaScript: V8 5.8.283.38

I found a new vulnerability in Google Chrome, which could result in remote code execution. This vulnerability which i found can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Type : Remote Code Exploit
 
My Movie 020.mp4
2.5 MB View Download
sorry for typing the same thing two times..
and the version is 40.0 ..sorry for typing 58 because i submitted it with my mac ,so i checked the mac Version and not the Windows..I havent updated my os in a while..What a pity! I never knew i was a fool

Comment 3 by wfh@chromium.org, May 25 2017

Status: WontFix (was: Unconfirmed)
Thank you for your report and your video.

This appears to only affect Chrome 40, which was released in Jan 2015, and replaced by Chrome 41 in Feb 2015, over two years ago. As per the rules of the VRP [1] we are really only interested in bug that affect current versions of Chrome: "We are interested in bugs that make it to our Stable, Beta and Dev channels.".

Also, you didn't enclose the bug, just a video.

Can you re-test your bug on latest version of Chrome, and also upload the full bug proof of concept file?

Please create a new bug with these new details or reply here.

Thanks.

[1] - https://www.google.com/about/appsecurity/chrome-rewards/index.html
Okay,I will try that and upload the source code here.
Thank you for sparing your time
Hey,
I am making the file again because i lost the code.I will submit the bug within a span of two days.By the way,is there any problem if I share my code with anyone other than Google because my friends want to remotely access someone's PC.Should I?
I wont share it if you say not to.I promise!
Is there any problem if i upload the file in GITHUB as an unlisted file?
Please Reply ASAP

Comment 6 by wfh@chromium.org, May 26 2017

Please just post the code here on this bug. Please be aware that if you disclose the bug to anyone else including but not limited to your friend who "want to remotely access someone's PC" then this would disqualify you from the VRP program as per the rules [1]:

"Bugs disclosed publicly or to a third-party for purposes other than fixing the bug will typically not qualify for a reward."

It is best not to upload to github, but just attach the file to the bug here using the 'attach a file' button below.

Thanks.

[1] - https://www.google.com/about/appsecurity/chrome-rewards/
Okay.I wont share it to anyone other than Google.Sorry gor askingn that.
Please Dont reply to this comment.I will send the code and proof below 
Thanks.

How can i send the file?Can i use gmail?
Project Member

Comment 9 by sheriffbot@chromium.org, Aug 31 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment