Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Chrome

+ - Researcher claims to have Chrome 0day, Google says 'prove it'->

Submitted by
chicksdaddy
chicksdaddy writes "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a “critical vulnerability” in a Chrome DLL. “It has silent and automatically (sp) download functionand it works on all Windows systems” he told Security Ledger.
However, more than a few questions hang over Gobejishvili’s talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a “general discussion” about it, but won’t release source code for it. “I know this is a very dangerous issuethat’s why I am not publishing more details about this vulnerability,” he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researcher claims to have Chrome 0day, Google says 'prove it'

Comments Filter:

"In the face of entropy and nothingness, you kind of have to pretend it's not there if you want to keep writing good code." -- Karl Lehenbauer

Working...