Resultados 1 a 2 de 2
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Nova vulnerabilidade no Google Chrome

    Google Chrome Tabs Let Malware Sneak Into Businesses - Security - Attacks/breaches - Informationweek

    "Consider the following scenario: The user is signed in to Chrome on both work and home computer. ... The home computer gets infected by a malware. Now all of the work synced data (such as work-related passwords) is owned by the malware," said Rob Rachwald, director of security strategy at Imperva.


    Furthermore, IT departments could have difficulty successfully spotting and blocking malware that infiltrates the enterprise in this manner, especially given the number of attacks that could be launched from an infected home PC. "Even if the malware gets disinfected on work computer, the malware is able to infect over and over again--as the root cause of the infection--the home computer--is outside of the reach of the IT department," Rachwald said.


    Another potential attack vector would be if the malware installed a rogue Chrome extension, and such extensions have appeared on the official Chrome Web Store in the past.


    "Chrome extensions are evil," noted Felix "FX" Lindner, head of Recurity Labs in Berlin. That comment came during a talk he delivered at Black Hat Europe earlier this year, in which he highlighted how Chrome extensions can be used by an attacker to inject JavaScript directly into the browser. What's more, any users who sign into Chrome on a different workstation will have their extensions automatically installed on the current PC. As a result, a malicious extension installed at home could easily appear on a workplace PC, creating a vulnerability similar to the one that Rachwald highlighted.


    Preventing users from installing Chrome extensions is nearly impossible. For starters, while the IT department can issue its own Chrome build, and set it to block extensions, you can install and run your own installation of the browser on any PC for which you have permission to write to the home directory--no administrator rights required.


    Security defenses also won't spot malicious extensions. "This all being JavaScript and HTML, the corporate antivirus is not going to catch it--on top of the fact that you're downloading the extension via SSL from Google's Web store," said Lindner. "Unless corporate [IT] breaks SSL for you, they're not going to see it anyway.

    Since the browser's preferences are handled with JavaScript, a malicious extension could automatically--and without a user being aware--install and run arbitrary code in the browser. For example, the extension might unleash a Trojan application that recorded everything the user did, or open a malicious website in the browser. Furthermore, if this extension was first installed at home, it would automatically get pushed to work when the user logged in there.
    Attackers aren't the only concern for Chrome users, as the Google tab synchronization feature could also be used during digital forensic investigations. "Imagine there's a case against you at work, and they do forensics, and they get all of your accounts at home," said Lindner.

    But the bigger picture, he said, is that users should consider the security implications of synchronizing information between Chrome tabs or even between Google services. "I'm really not sure who would want to: a) give all this information to Google, and then, b) actually sync it onto every single machine they're using," Lindner said. "So much for defense. But maybe I'm the wrong person to ask--I don't even have a Google account. Wrong religion."

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Nov 2010
    Rio de Janeiro - RJ
    Pelo o que entendi esse malware é instalado através de uma extensão. Até hoje não consigo entender como uma pessoa instala uma extensão que nem sabe de onde vem, já que é difícil uma grande empresa manter seu navegador seguro, imagina uma extensão "fundo de quintal"... Eu não uso nenhuma extensão em nenhum navegador ou software que não seja feita pelo fabricante do mesmo.

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens