[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Google Chrome Browser Vulnerability

To: "Rishi Narang" <psy.echo@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Tue, 2 Sep 2008 20:13:40 -0400

Holy crap, a crash bug in a beta browser! 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx


-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Rishi
Narang
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Google Chrome Browser Vulnerability

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in
chrome.dll version 0.2.149.27. A crash can result without user
interaction. When a user is made to visit a malicious link, which has an
undefined handler followed by a 'special' character, the chrome crashes
with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It fails in dealing with the POP EBP instruction when
pointed out by the EIP register at 0x01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 
www.greyhat.in 

... eschew obfuscation, espouse elucidation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: Rishi Narang
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: n3td3v
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: silky
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: James Matthews
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: Rishi Narang

References:
- [Full-disclosure] Google Chrome Browser Vulnerability
  - From: Rishi Narang

Prev by Date: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Next by Date: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Previous by thread: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Next by thread: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Index(es):
- Date
- Thread