360Safe and 360Chrome browsers buffer overflow exploited

reacherj · ‎12-05-2011

Let's focus on browsers' security.

Both 360Safe and 360Chrome browsers have the java rhino script engine buffer overflow vulnerability recently disclosed.

Attackers could exploit this vulnerability to execute arbitrary code outside of the sandbox.

PoC demo:

360Safe browser is not quite safe:

http://www.youtube.com/watch?v=9NRlfDe3SYQ

360Chrome also exploited:

http://www.youtube.com/watch?v=_eT-AfcpBJg

SendOfJive · ‎02-07-2009

Hi reacherj,

This vulnerability, CVE-2011-3544, has been patched in Java 6 Update 29 and Java 7 Update 1. Updating your installed version of Java will protect you. Also, Norton IPS includes a signature for this attack and will block it. If you fall victim to this exploit you will have only yourself to blame.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=24700

bleeper24 · ‎04-13-2011

As an addendum with reference to this Java issue ....

Anyone who also uses any of the many Linux distros' should also make sure the update is applied as the popular Ubuntu releases from V10.4 upwards through to the current V.11 releases are also vulnerable along with Red Hat ,Mandriva and other distributions ! Be safe out there

Windows7 SP1....Norton NIS 2012 ...4Gb RAM ..Momentus XT SolidState HybridHD

Docendo discimus ( Teach in order to learn)

Tech Outpost

360Safe and 360Chrome browsers buffer overflow exploited

Re: 360Safe and 360Chrome browsers buffer overflow exploited

Re: 360Safe and 360Chrome browsers buffer overflow exploited

Products

Services

Support