Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google Chrome Browser Vulnerability

From: redb0ne () hush com
Date: Wed, 03 Sep 2008 16:39:45 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Even though I had the vulnerability 4 hrs well before the real
publication of the bug and had the exploit along with the some
crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3,
different attack cases, exceptions of http/ftp and further debug
logs; there was this bug published (though without the details of
possible cases, exceptions and mouse hover techniques) couple of
hours before I released it out at EvilFingers.


This is an out of bounds memory read that crashes the browser. It
is a major exaggeration to call this a vulnerability, especially
considering this is a beta browser. Not that others haven't already
said it, but people never seem to learn that a browser crash is a
stability issue, not a security issue.


-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 3.0

wpwEAQMCAAYFAki+9g8ACgkQGwcl4JwqQeBgBgP/YGeDE2VtxDaxw4S81LadJc0GbCJo
BmkN5g+6VhimPxUwvLgGyYoyaJg+Ab/cPzDELLMfp6h9jV+14jLO+2NYMnM8/G236Xjd
sew1u81YXnKUjaDkX0clUT9K9sWkQ2kJwnH6ZbMncnSpTXBLISiXyhoDCvtrdeTI1y8t
9a2kAMc=
=ysci
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: