Full Disclosure mailing list archives

Re: Google Chrome Browser Vulnerability

From: "James Matthews" <nytrokiss () gmail com>
Date: Tue, 2 Sep 2008 21:34:58 -0700

The same thing happened to safari when it came out on windows.

On Tue, Sep 2, 2008 at 5:13 PM, Larry Seltzer <larry () larryseltzer com>wrote:

Holy crap, a crash bug in a beta browser!

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rishi
Narang
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Google Chrome Browser Vulnerability

Hi,

---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in
chrome.dll version 0.2.149.27. A crash can result without user
interaction. When a user is made to visit a malicious link, which has an
undefined handler followed by a 'special' character, the chrome crashes
with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It fails in dealing with the POP EBP instruction when
pointed out by the EIP register at 0x01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in

... eschew obfuscation, espouse elucidation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
http://www.goldwatches.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Google Chrome Browser Vulnerability, (continued)
- - - Re: Google Chrome Browser Vulnerability silky (Sep 02)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 02)
    - Re: Google Chrome Browser Vulnerability Giancarlo Razzolini (Sep 02)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 02)
    - Re: Google Chrome Browser Vulnerability Urlan (Sep 02)
    - Re: Google Chrome Browser Vulnerability The Mad Hatter (Sep 02)
    - Re: Google Chrome Browser Vulnerability Urlan (Sep 03)
    - Re: Google Chrome Browser Vulnerability Anders Klixbull (Sep 03)
    - Re: Google Chrome Browser Vulnerability Fabio N Sarmento [ Gmail ] (Sep 03)
    - Re: Google Chrome Browser Vulnerability Urlan (Sep 03)
  - Re: Google Chrome Browser Vulnerability James Matthews (Sep 02)
    - Re: Google Chrome Browser Vulnerability M . B . Jr . (Sep 05)
  - Re: Google Chrome Browser Vulnerability Rishi Narang (Sep 03)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 02)
  - Re: Google Chrome Browser Vulnerability Andrew Farmer (Sep 03)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 03)
  - Re: Google Chrome Browser Vulnerability silky (Sep 03)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
    - Re: Google Chrome Browser Vulnerability Valdis . Kletnieks (Sep 03)
    - Re: Google Chrome Browser Vulnerability Razi Shaban (Sep 03)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)

(Thread continues...)