Posted by metalkey net on Jan 11

Google Chrome allows execution of Javascript via the Default Search Engines
feature.
An exploit can be created to take advantage of this issue by manipulating
the master_preferences file on a victim’s machine.

Video Example:
https://www.youtube.com/watch?v=WoF-LkA6fMk

Walkthrough:
https://m3t4lk3y.wordpress.com/category/google-chrome-search-poison/