Re: Google Chrome Browser Flaw

["Rhys Kidd" <rhyskidd () gmail com>]

Ah, no.

Google doesn't "own" the intellectual property in relation to the alleged
vulnerability on the mere basis that Rishi's previous email was sent from a
GMail account, and thus you assume from a Chrome browser - correct me if
this isn't your proposition.

Acceptance of Google's Chrome EULA means you assign a *license* to Google to
"*reproduce, adapt, modify, translate, publish, publicly perform, blah blah
blah*" your content. Licensing != transfer of ownership in common law
jurisdictions.

Yes, I agree the EULA seems a bit over the top, but after a few more
re-reads appears to be a non-technically aware lawyer's attempt to cover
their bases on doing things like gzip/deflate HTTP encoding..

"*11.3 You understand that Google, in performing the required technical
steps to provide the Services to our users, may ... make such changes to
your Content as are necessary to conform and adapt that Content to the
technical requirements of connecting networks, devices, services or media*"

Rhys

2008/9/3 Isaac Dawson <isaac.dawson () gmail com>

> Just remember,
> According the EULA you 'clicked', google now owns any vulnerability you
> find!
>
> http://tapthehive.com/discuss/This_Post_Not_Made_In_Chrome_Google_s_EULA_Sucks
> -isaac
>
> On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo () gmail com> wrote:
> > Hi,
> >
> > Here is a flaw in just released Google Chrome Browser (Beta). This not a
> really a "Jail-Break" remote execution type of serious vulnerability (till
> now, it doesn't seem one) but surely crashes the application (all tabs) and
> needs a browser restart. But, as a whole the browser surely is very neat and
> fast!
> > Google with its own simplicity and creativity, has taken integrated
> features of top browsers - Firefox, IE, Safari etc. Hope, it didn't catch
> their bugs too, as the old Carpet Bombing Attack and other speculations
> going in wild!
> > ---------------------------------------------------
> > Software:
> > Google Chrome Browser 0.2.149.27
> >
> > Tested:
> > Windows XP Professional SP3
> >
> > Result:
> > Google Chrome Crashes with All Tabs
> >
> > Problem:
> > An issue exists in how chrome behaves with undefined-handlers in
> chrome.dll version 0.2.149.27. A crash can result without user
> interaction. When a user is made to visit a malicious link, which has an
> undefined handler followed by a 'special' character, the chrome crashes with
> a Google Chrome message window "Whoa! Google Chrome has crashed. Restart
> now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel),
> followed by "POP EBP" instruction when pointed out by the EIP register at
> 0x01002FF4.
> > Proof of Concept:
> > http://evilfingers.com/advisory/google_chrome_poc.php
> >
> > Credit:
> > Rishi Narang
> > www.greyhat.in
> > www.evilfingers.com
> > ---------------------------------------------------
> >
> > --
> > Thanks & Regards,
> > Rishi Narang | Security Researcher
> > Founder, GREYHAT Insight
> > Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
> > www.greyhat.in
> >
> > ... eschew obfuscation, espouse elucidation.
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave