SURF CHROME

(SURFCHROME.COM) - In response to our article Incognito Mode Forensics, we received information regarding a Flash Cookie vulnerability within the incognito mode of Google Chrome.  After doing further research, we found a blog post by David Ehrmann who describes these cookies more as Flash SharedObjects which behave similar to cookies and allow flash applets to store information locally.  Unfortunately, this information can still be retrieved by other websites to see what sites you have visited.  This is a problem exposed in the privacy mode of other browsers.  The solution would be to disable Flash but Google Chrome does not have that option (yet).  Ehrmann also provides more details and a proof of concept at his site stating,

"When playing with s3mp in Incognito mode, I found a disturbing security hole that allows "cookies" to not only be retained between Incognito sessions, but leak from a regular session to Incognito." read more...

Comments

Add New

Write comment

Name: Email:  do not notifynotify Website: Title: UBBCode:         -color-aquablackbluefuchsiagraygreenlimemaroonnavyolivepurpleredsilvertealwhiteyellow -size-tinysmallmediumlargehuge     Please input the anti-spam code that you can read in the image.

Speedmaster  - Sad Chrome? ...     |199.67.131.xxx |2008-09-24 23:50:51 Fun blog, glad I found it. ;-) Have you seen the Sad Chrome yet? http://amateureconblog.blogspot.com/2008/09/sad... Reply | Quote 0   0

GQsm   |81.168.115.xxx |2008-10-19 06:49:34 I changed my Chrome shortcut to “C:\Documents and Settings\%username%\Local Settings\Application Data\Google\Chrome” -disable-plugins That disables flash (and quicktime among others) for me. To be fair most things I look at I don't want those plugins inteferring. Javascript seems unaffected so my browsing is extremely quick and happy now. Reply | Quote 1   0

Powered by !JoomlaComment 3.25

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."