Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Google Chrome Browser Vulnerability
From: Rishi Narang <psy.echo () gmail com>
Date: Thu, 4 Sep 2008 01:10:54 +0530


"Time" can definitely plays a major role.  There was a collision that occurred due to the fact that I took time to find 
the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google 
and other bugtraqs. 

Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with 
the some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp 
and further debug logs; there was this bug published (though without the details of possible cases, exceptions and 
mouse hover techniques) couple of hours before I released it out at EvilFingers.

So, I would like to convey due credit to Mr. JanDeMooij as well for his posting the bug on 
http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same.

Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 

... eschew obfuscation, espouse elucidation.

Wednesday, September 3, 2008, 5:43:40 AM, you wrote:

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rishi
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Google Chrome Browser Vulnerability


Google Chrome Browser

Windows XP Professional SP3

Google Chrome Crashes with All Tabs

An issue exists in how chrome behaves with undefined-handlers in
chrome.dll version A crash can result without user
interaction. When a user is made to visit a malicious link, which has an
undefined handler followed by a 'special' character, the chrome crashes
with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It fails in dealing with the POP EBP instruction when
pointed out by the EIP register at 0x01002FF4.

Proof of Concept:

Rishi Narang (psy.echo)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]