Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - Researcher claims to have Chrome 0day, Google says 'prove it' (securityledger.com)

chicksdaddy writes: "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a “critical vulnerability” in a Chrome DLL. “It has silent and automatically (sp) download functionand it works on all Windows systems” he told Security Ledger.
However, more than a few questions hang over Gobejishvili’s talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a “general discussion” about it, but won’t release source code for it. “I know this is a very dangerous issuethat’s why I am not publishing more details about this vulnerability,” he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researcher claims to have Chrome 0day, Google says 'prove it'

Comments Filter:

MSDOS is not dead, it just smells that way. -- Henry Spencer