Dailydave
mailing list archives
Re: Google Chrome Browser Flaw
From: "Isaac Dawson" <isaac.dawson () gmail com>
Date: Wed, 3 Sep 2008 21:46:01 +0900
Just remember,
According to the EULA you 'clicked', Google now owns any vulnerability you find!
http://tapthehive.com/discuss/This_Post_Not_Made_In_Chrome_Google_s_EULA_Sucks
-isaac
On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo () gmail com> wrote:
Hi,
Here is a flaw in the just-released Google Chrome Browser (Beta). This is not really a "Jail-Break" remote execution type
of serious vulnerability (till now, it doesn't seem one) but surely crashes the application (all tabs) and needs a
browser restart. But, as a whole the browser surely is very neat and fast!
Google, with its own simplicity and creativity, has taken integrated features of top browsers - Firefox, IE, Safari,
etc. Hope it didn't catch their bugs too, as the old Carpet Bombing Attack and other speculations going in the wild!
---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result
without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a
'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart
now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel), followed by a "POP EBP" instruction when
pointed out by the EIP register at 0x01002FF4.
Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php
Credit:
Rishi Narang
www.greyhat.in
www.evilfingers.com
---------------------------------------------------
--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in
... eschew obfuscation, espouse elucidation.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave