SURF CHROME

Google Chrome Browser news, hacks, and discussion.

Incognito Flash Cookie Vulnerability Print E-mail
Written by chi   
Tuesday, 23 September 2008 09:14

Incognito Window Mode(SURFCHROME.COM) - In response to our article Incognito Mode Forensics, we received information regarding a Flash Cookie vulnerability within the incognito mode of Google Chrome.  After doing further research, we found a blog post by David Ehrmann who describes these cookies more as Flash SharedObjects which behave similar to cookies and allow flash applets to store information locally.  Unfortunately, this information can still be retrieved by other websites to see what sites you have visited.  This is a problem exposed in the privacy mode of other browsers.  The solution would be to disable Flash but Google Chrome does not have that option (yet).  Ehrmann also provides more details and a proof of concept at his site stating,

"When playing with s3mp in Incognito mode, I found a disturbing security hole that allows "cookies" to not only be retained between Incognito sessions, but leak from a regular session to Incognito." read more...

Comments
Add New
+/-
Write comment
Name:
Email:
 
Website:
Title:
UBBCode:
[b] [i] [u] [url] [quote] [code] [img] 
 
 
:angry::0:confused::cheer:B):evil:
:silly::dry::lol::kiss::D:pinch:
:(:shock::X:side::):P
:unsure::woohoo::huh::whistle:;):s
:!::?::idea::arrow:
 
Please input the anti-spam code that you can read in the image.
Speedmaster  - Sad Chrome? ...     |199.67.131.xxx |2008-09-25 00:50:51
Fun blog, glad I found it. ;-)

Have you seen the Sad Chrome yet?
http://amateureconblog.blogspot.com/2008/09/sad...
GQsm   |81.168.115.xxx |2008-10-19 07:49:34
I changed my Chrome shortcut to
“C:\Documents and
Settings\%username%\Local Settings\Application
Data\Google\Chrome” -disable-plugins

That disables flash (and
quicktime among others) for me. To be fair most things I look at I don't want
those plugins inteferring.
Javascript seems unaffected so my browsing is
extremely quick and happy now.

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

Last Updated on Thursday, 16 October 2008 09:48
 

Visitor Stats

55.02% Chrome
27.52% Firefox
13.12% Internet Explorer
01.80% Safari
01.74% Opera
00.53% Mozilla

09/02/2008 to 11/08/2008

Bugs

Hardware, Websites or programs that don't work well with Google Chrome Browser.
Touchpad Scrolling (fixed)
Facebook Problems
Microsoft OWA
More...

Sponsored Links

Forum Posts


You are here  : Home Home News List Mode Incognito Flash Cookie Vulnerability