Issue metadata
Sign in to add a comment
|
I found a new Remote Code Execution
Reported by
flecvid...@gmail.com,
May 25 2017
|
||||||||||||||||||
Issue descriptionSuccessful exploitation may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Category : International Exploit Risk : Security Risk High VULNERABILITY DETAILS A vulnerability has been discovered in Google Chrome, which could result in remote code execution. Google Chrome is a web browser used to access the Internet.I know you guys know that Google Chrome is a web browser but[a bit formal ]. This vulnerability which i discovered can be exploited if a user visits, or is redirected to, a specially crafted web page. VERSION Chrome Version: Google Chrome 58.0.3029.110 (Official Build) (64-bit) Operating System: Windows 7 JavaScript: V8 5.8.283.38 I found a new vulnerability in Google Chrome, which could result in remote code execution. This vulnerability which i found can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Type : Remote Code Exploit
,
May 25 2017
and the version is 40.0 ..sorry for typing 58 because i submitted it with my mac ,so i checked the mac Version and not the Windows..I havent updated my os in a while..What a pity! I never knew i was a fool
,
May 25 2017
Thank you for your report and your video. This appears to only affect Chrome 40, which was released in Jan 2015, and replaced by Chrome 41 in Feb 2015, over two years ago. As per the rules of the VRP [1] we are really only interested in bug that affect current versions of Chrome: "We are interested in bugs that make it to our Stable, Beta and Dev channels.". Also, you didn't enclose the bug, just a video. Can you re-test your bug on latest version of Chrome, and also upload the full bug proof of concept file? Please create a new bug with these new details or reply here. Thanks. [1] - https://www.google.com/about/appsecurity/chrome-rewards/index.html
,
May 25 2017
Okay,I will try that and upload the source code here. Thank you for sparing your time
,
May 26 2017
Hey, I am making the file again because i lost the code.I will submit the bug within a span of two days.By the way,is there any problem if I share my code with anyone other than Google because my friends want to remotely access someone's PC.Should I? I wont share it if you say not to.I promise! Is there any problem if i upload the file in GITHUB as an unlisted file? Please Reply ASAP
,
May 26 2017
Please just post the code here on this bug. Please be aware that if you disclose the bug to anyone else including but not limited to your friend who "want to remotely access someone's PC" then this would disqualify you from the VRP program as per the rules [1]: "Bugs disclosed publicly or to a third-party for purposes other than fixing the bug will typically not qualify for a reward." It is best not to upload to github, but just attach the file to the bug here using the 'attach a file' button below. Thanks. [1] - https://www.google.com/about/appsecurity/chrome-rewards/
,
May 26 2017
Okay.I wont share it to anyone other than Google.Sorry gor askingn that. Please Dont reply to this comment.I will send the code and proof below Thanks.
,
Jul 2 2017
How can i send the file?Can i use gmail?
,
Aug 31 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by flecvid...@gmail.com
, May 25 2017