Dailydave mailing list archives
Re: Google Chrome Browser Flaw
From: "Rhys Kidd" <rhyskidd () gmail com>
Date: Wed, 3 Sep 2008 23:16:24 +0800
Ah, no. Google doesn't "own" the intellectual property in relation to the alleged vulnerability on the mere basis that Rishi's previous email was sent from a GMail account, and thus you assume from a Chrome browser - correct me if this isn't your proposition.

Acceptance of Google's Chrome EULA means you assign a *license* to Google to "*reproduce, adapt, modify, translate, publish, publicly perform, blah blah blah*" your content. Licensing != transfer of ownership in common law jurisdictions.

Yes, I agree the EULA seems a bit over the top, but after a few more re-reads appears to be a non-technically aware lawyer's attempt to cover their bases on doing things like gzip/deflate HTTP encoding..

"*11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may ... make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media*"

Rhys

2008/9/3 Isaac Dawson <isaac.dawson () gmail com>

> Just remember, according to the EULA you 'clicked', google now owns any vulnerability you find!
>
> http://tapthehive.com/discuss/This_Post_Not_Made_In_Chrome_Google_s_EULA_Sucks
>
> -isaac
>
> On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo () gmail com> wrote:
>
>> Hi,
>>
>> Here is a flaw in just released Google Chrome Browser (Beta). This is not really a "Jail-Break" remote execution type of serious vulnerability (till now, it doesn't seem one) but surely crashes the application (all tabs) and needs a browser restart. But, as a whole the browser surely is very neat and fast!
>>
>> Google with its own simplicity and creativity, has taken integrated features of top browsers - Firefox, IE, Safari etc. Hope, it didn't catch their bugs too, as the old Carpet Bombing Attack and other speculations going in wild!
>>
>> ---------------------------------------------------
>> Software: Google Chrome Browser 0.2.149.27
>> Tested: Windows XP Professional SP3
>> Result: Google Chrome Crashes with All Tabs
>>
>> Problem: An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel), followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.
>>
>> Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php
>>
>> Credit: Rishi Narang
>> www.greyhat.in
>> www.evilfingers.com
>> ---------------------------------------------------
>>
>> --
>> Thanks & Regards,
>> Rishi Narang | Security Researcher
>> Founder, GREYHAT Insight
>> Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
>> www.greyhat.in
>>
>> ... eschew obfuscation, espouse elucidation.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave