New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 778413 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: May 2018
Cc:
hdodda@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

chromesearch.today malware vulnerability on client-side

Reported by anthony....@gmail.com, Oct 25 2017 
VULNERABILITY DETAILS
The malicious software "chromesearch.today." is typically installed on a user's instance of chrome on the Windows operating system, it infects the DOM elements of the victim's computer in a way that stops them from being able to manage their chrome search engine settings. It is particularly malicious as it does not install anything to program files or the like so it is not detected by antivirus scanning or web browser security, making it quite hard to get rid of. the scope of what the virus does is unknown as my intention was to clear it as soon as possible however the immediate observable activity was is as follows.
- Locks the search engine settings so they are unchangeable 
- Modifies 'new tab' behaviour
- Locks default search engine to the malicious one 
- Searches for something, passing through a 3rd party site before being redirected to a yahoo search.

I have since cured the bug by both manipulating DOM elements and also doing a .pol to .sav registry file name conversion and running a command to deleted the effected registry, this has removed all traces of it however for an untrained individual this would be almost impossible to both search for a fix for, or even google for.


VERSION
Chrome Version: [61.0.3163.100] + [Official Build, 64-bit]
Operating System: [Windows 10 build 15063.674]

Comment 1 by elawrence@chromium.org, Oct 25 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug
Summary: chromesearch.today malware vulnerability on client-side (was: Security: chromesearch.today malware vulnerability on client-side)
Do you have more details about how you were infected by this virus?

In general, compromised machines are outside the scope of the browser threat model: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-compromised_infected-machines-in-Chromes-threat-model

However, if you have more details as to how you acquired this infection, I'd be happy to learn more about this.

Comment 2 by gigabyte...@gmail.com, Oct 29 2017 

Just would like to mention. This is probably not a vulnerability. Just an adware that users can accidentally install, packaged with other software. http://chromesearch.today/ claims to be an independent, privacy-respecting, search engine but redirects to all Google official links. This is probably because it saves inputs into a database, like a spyware attack.

Comment 3 by jochen@chromium.org, Nov 2 2017

Components: UI>Browser>Preferences>Protector

Comment 4 by hdodda@chromium.org, Dec 4 2017

Cc: hdodda@chromium.org
Labels: Needs-Milestone OS-Windows Pri-2
@ anthony.graham.carnell-- Could you please provide us an update , if you are still seeing the issue in latest chrome stable M62 #62.0.3202.94 and update us with your observations.

Thanks!

Comment 5 by sandeepkumars@chromium.org, May 22 2018

Status: WontFix (was: Unconfirmed)
Closing issue as WontFix due to lack of feedback requested but not provided. If the issue still exists please open a new issue with the details requested.

Thanks..!

Sign in to add a comment