Linked by Kroc Camen on Wed 7th Apr 2010 08:19 UTC
Bugs & Viruses Via Ha.ckers.org, we get news of a cross-domain flaw using Flash or Silverlight content that allows the attacker to use the victim's browser as a proxy, including access to the user's session. Erlend Oftedal, the developer, explains how the system works and demonstrates the concept with a video. The flaw stems from developers lackadaisically allowing cross-domain requests from Flash across their whole domain (which obviously includes the user-account interactions); even Flickr and YouTube were culprits at one point.
Thread beginning with comment 417517
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: is Chrome vulnerable?
by avih on Wed 7th Apr 2010 10:08 UTC in reply to "is Chrome vulnerable?"
avih
Member since:
2006-03-16

Basically, Yes. This attack can take place using any reasonable browser.

The vulnerability is not Chrome's. It's a server which is configured insecurely that facilitates it.

Edited 2010-04-07 10:10 UTC

Reply Parent Score: 1

RE[2]: is Chrome vulnerable?
by eoftedal on Wed 7th Apr 2010 21:12 in reply to "RE: is Chrome vulnerable?"
eoftedal Member since:
2010-04-07

Correct. I've tested it in Chrome, and as expected it works there as well

Reply Parent Score: 1