Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Researcher claims to have Chrome 0day, Google says 'prove it' (

chicksdaddy writes: "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a “critical vulnerability” in a Chrome DLL. “It has silent and automatically (sp) download functionand it works on all Windows systems” he told Security Ledger.
However, more than a few questions hang over Gobejishvili’s talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a “general discussion” about it, but won’t release source code for it. “I know this is a very dangerous issuethat’s why I am not publishing more details about this vulnerability,” he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researcher claims to have Chrome 0day, Google says 'prove it'

Comments Filter:

Computers are unreliable, but humans are even more unreliable. Any system which depends on human reliability is unreliable. -- Gilb