[Full-disclosure] Google Chrome Browser Vulnerability
Larry Seltzer
larry at larryseltzer.com
Wed Sep 3 01:13:40 BST 2008
Holy crap, a crash bug in a beta browser!
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com
-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Rishi
Narang
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
Hi,
---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how chrome behaves with undefined-handlers in
chrome.dll version 0.2.149.27. A crash can result without user
interaction. When a user is made to visit a malicious link, which has an
undefined handler followed by a 'special' character, the chrome crashes
with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It fails in dealing with the POP EBP instruction when
pointed out by the EIP register at 0x01002FF4.
Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php
Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------
--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in
... eschew obfuscation, espouse elucidation.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.