Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Google Chrome Browser Vulnerability
From: Rishi Narang <psy.echo () gmail com>
Date: Wed, 3 Sep 2008 05:20:45 +0530

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result 
without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 
'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart 
now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 
www.greyhat.in 

... eschew obfuscation, espouse elucidation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault