Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It"

Posted by samzenpus on from the secret-security dept.

chicksdaddy writes "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a 'critical vulnerability' in a Chrome DLL. 'It has silent and automatically (sp) download function and it works on all Windows systems,' he told Security Ledger. However, more than a few questions hang over Gobejishvili's talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a 'general discussion' about it, but won't release source code for it. 'I know this is a very dangerous issue that's why I am not publishing more details about this vulnerability,' he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."

19 of 106 comments (clear)

  1. Certainly has a legitimate track record by Tontoman · · Score: 3, Insightful

    He certainly has a history of uncovering exploits. Here are his youtube videos: http://www.youtube.com/user/longrifle0x

    1. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Insightful

      He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.

    2. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Insightful

      Sorry, but this is one of the most clueless security researchers on the planet.

      See https://code.google.com/p/chromium/issues/detail?id=108651

    3. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 2, Interesting

      He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.

      or maybe he just wants to advertise his product before setting the price

    4. Re:Certainly has a legitimate track record by trdtaylor · · Score: 5, Interesting

      He's advertising to sell to one of the big 0-day sellers in the world. Probably get a lot more than 60,000 for something this useful

    5. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Interesting

      No, it just means Google had an error.

      The issue in question has this source code:

      <script>
      var cxrili=new Array("1337","longrifle0x?");
      var a=0;
      while (a=1)
      {
      document.write(cxrili[a])
      a++;
      }
      </script>

      Researcher claims this crashes chrome, turns out it just crashes the tab nicely with what they call a "sad" tab.

      Researcher then says: "Hmm.. really? I tested it on two other PC and got result." because he clearly didn't understand what they said.

      They then close the "bug".

      Nice ad hominem and appeal to authority though. Jackass.

    6. Re:Certainly has a legitimate track record by LordLimecat · · Score: 4, Interesting

      I particularly like this part from his bug report:

      VERSION
      Chrome Version:Ubuntu 11.4 version
      Operating System: [Ubuntu 11.4]

      Man I love that version of chrome. What do you call a security researcher who cant even identify his platform in his bug reports?

    7. Re:Certainly has a legitimate track record by Justin_Schuh · · Score: 5, Informative

      Here's every "security" report he's made against Chrome. None were valid.

    8. Re:Certainly has a legitimate track record by dissy · · Score: 4, Informative

      I seriously doubt any of the big zero-day sellers (or buyers for that matter) would be interested in an "exploit" where you use java script to change the *status bar* (Not address bar) to spoof what URL a link actually goes to.

      Yes, that really is what this person considers an exploit, and he has never discovered nor shown he understands anything more complex than that :P

    9. Re:Certainly has a legitimate track record by Pieroxy · · Score: 3, Insightful

      And Google staff has a great temper on that one. I would have pointed out "Programming for Dummies" to the guy straight out and I would have banned him from my bug tracker. I mean, by this bug alone you can see the guy is utterly clueless about CS in general.

      --
      Write boring code, not shiny code!
    10. Re:Certainly has a legitimate track record by ameen.ross · · Score: 5, Informative

      LMAO

      The very first video where he purportedly shows an Office 2010 0-day vulnerability ("it has silent and automatically download function"), I noticed he right clicked the desktop and clicked pressed "refresh"...
      He then moves on to show that he really is running Office 2010, and then he opens a link, not a word file, which opens MS Word and then opens a local, not silently downloaded, executable: Putty. He finishes by typing "1337" in the connectbox of Putty.

      There are unthinkably many scenarios that lead to this behavior, but this dude having been able to find an actual 0-day vulnerability in any software is not one of them.

      --
      $(echo cm0gLXJmIC8= | base64 --decode)
    11. Re:Certainly has a legitimate track record by wonkey_monkey · · Score: 2

      If you look closely sometimes you see the little icon that designates a shortcut.

      Oh, I see what you mean now - I think you've mistaken the optional Windows item selection checkbox for a shortcut indicator.

      http://www.sevenforums.com/tutorials/10111-select-items-check-boxes.html

      But yes, you're right, that video is proof of nothing.

      --
      systemd is Roko's Basilisk.
  2. Clueless by Anonymous Coward · · Score: 2, Insightful

    Maybe he's talking about this lol. Or mybe this one. tl;dr dude is clueless.

  3. This researcher has a poor track record by Anonymous Coward · · Score: 5, Informative

    This security researcher has a track record of not understanding even basic security concepts.

    Basic misunderstanding of "memory corruption" vs. an "out of memory" condition: https://code.google.com/p/chromium/issues/detail?id=108651

    Basic misunderstanding of web security and the capabilities of Javascript: https://code.google.com/p/chromium/issues/detail?id=148636

    This does not preclude the case where he's stumbled across something real, but it seems highly unlikely.

  4. Fermat's Last Exploit by Anonymous Coward · · Score: 5, Funny

    I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.

    1. Re:Fermat's Last Exploit by crutchy · · Score: 5, Funny

      its not like the age old ctrl+F4 exploit that affects all browsers in all operating systems and has the uncanny result of closing which ever browser window you happen to be viewing... it even works on some other programs. i think it must be a bug in the processor or something.... stupid intel

    2. Re:Fermat's Last Exploit by Anonymous Coward · · Score: 2, Insightful

      i don't think the repliers got the fermat's reference :)

    3. Re:Fermat's Last Exploit by Psicopatico · · Score: 2

      I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.

      The user?

      Looks like it fits well enough in this post...

      --
      Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
  5. Wait for the conference by PPH · · Score: 2

    I'm sure this will attract more attention to the MalCon tent.

    --
    Have gnu, will travel.