Google Glass Browser is vulnerable to addJavascriptInterface remote code execution

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Create a simple page with the following:
<html>
<script>
for (i in top) {
    try {
        top[i].getClass().forName('java.lang.Runtime');
        alert('vulnerable');
    } catch(e) {}
}
</script>
</html>
2. Browse to this page on Google Glass
3. Observe "The page at [snip] says 'vulnerable'."

What is the expected output? What do you see instead?
The above javascript should always throw an exception (getClass() should always 
return null), and never reach the alert dialog.

What version of the product are you using? On what operating system?
Google Glass XE12

Please provide any additional information below.
This is a serious issue that could allow an attacker to compromise the device.

Original issue reported on code.google.com by tim...@gmail.com on 5 Feb 2014 at 2:54

GoogleCodeExporter commented 8 years ago

Original comment by ala...@google.com on 5 Feb 2014 at 5:10

Changed state: Accepted
Added labels: Component-Other-API, log-12905003

GoogleCodeExporter commented 8 years ago

This has been fixed with XE16!

Original comment by ala...@google.com on 21 Apr 2014 at 4:00

Changed state: Fixed

nicolas2k / google-glass-api

Google Glass Browser is vulnerable to addJavascriptInterface remote code execution #397