[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Google Chrome Browser Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Google Chrome Browser Vulnerability
From: Rishi Narang <psy.echo@xxxxxxxxx>
Date: Wed, 3 Sep 2008 05:20:45 +0530

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll 
version 0.2.149.27. A crash can result without user interaction. When a user is 
made to visit a malicious link, which has an undefined handler followed by a 
'special' character, the chrome crashes with a Google Chrome message window 
"Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the 
POP EBP instruction when pointed out by the EIP register at 0x01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 
www.greyhat.in 

... eschew obfuscation, espouse elucidation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: n3td3v
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: Larry Seltzer

Prev by Date: Re: [Full-disclosure] die
Next by Date: Re: [Full-disclosure] die
Previous by thread: [Full-disclosure] [ MDVSA-2008:183 ] opensc
Next by thread: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Index(es):
- Date
- Thread