Google Chrome tries to load cryptbase.dll by default from
C:\Program Files\Google\Chrome\Application\ but the dll is not part of the installation.
Chrome fails with DLL Not Found error.
If we copy any malicious DLL renamed as cryptbase.dll to C:\Program Files\Google\Chrome\Application\
Chrome will load and execute the DLL controlled by malicious user.
The source code which I used for building the DLL is at
Chrome 39.0.2171.95m (latest is also vulnerable)
Windows 7 Ultimate N SP1
Reported to Google but they didn't consider it stating as Local exploit.
Post a Comment