Bug may enable remote code execution in Google ChromeOctober 24, 2011 – 8:50 PM
Google Chrome contains a vulnerability that could allow an attacker to silently execute remote code on a victim’s machine outside of the browser’s built-in sandbox protections, according to researchers at Slovenia-based Acros Security.
According to Google, however, the issue is not technically a flaw, but rather a “strange behavior” that would require substantial user manipulation to exploit.
The issue, which Acros researchers disclosed to Google more than a month ago, could result in Chrome, under specific circumstances, loading an encryption configuration file from an insecure location, Mitja Kolsek, CEO of Acros Security, told SCMagazineUS.com on Monday. This could allow an attacker to execute remote code on a victim’s machine outside of the Chrome sandbox, intended to protect sensitive resources from being accessed by malicious code.