Dailydave mailing list archives
Re: Google Chrome Browser Flaw
From: "Matthieu Suiche" <msuiche () gmail com>
Date: Wed, 3 Sep 2008 19:01:01 +0200
This is not a vulnerability. This is only a bug located inside chrome.dll because of the Microsoft Visual Studio C Run-Time Libraries. (As you can see, Google is able to make a faster browser than IE8 by using Microsoft products :-))

The breakpoint is executed by the _invalid_parameter() function (from _invalid_parameter_noinfo()), defined in crt/src/invarg.c. _invalid_parameter() is called when an invalid argument is passed into a CRT function.

If you try to read "toto:%" it won't successfully identify the target, then it will try to find a correct target as each well-known protocol (ftp, https, ...) through the memcpy_s() function each time (see http://msdn.microsoft.com/en-us/library/8ef0s5kh(VS.80).aspx).

The problem looks to come from the \autocomplete\autocomplete.cc file.

This gives us interesting information, like: Google is using Visual Studio >= 8.0 and should respect Microsoft security guidelines while developing Google Chrome. Let's see if these "new" guidelines will help to provide a safer browser...

On Wed, Sep 3, 2008 at 2:46 PM, Isaac Dawson <isaac.dawson () gmail com> wrote:
> Just remember, according to the EULA you 'clicked', Google now owns any vulnerability you find!
> http://tapthehive.com/discuss/This_Post_Not_Made_In_Chrome_Google_s_EULA_Sucks
> -isaac
>
> On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo () gmail com> wrote:
> > Hi,
> > Here is a flaw in the just-released Google Chrome Browser (Beta). This is not really a "Jail-Break" remote execution type of serious vulnerability (till now, it doesn't seem to be one), but it surely crashes the application (all tabs) and needs a browser restart. But, as a whole, the browser surely is very neat and fast! Google, with its own simplicity and creativity, has taken integrated features of top browsers - Firefox, IE, Safari etc. Hope it didn't catch their bugs too, as the old Carpet Bombing Attack and other speculations going in the wild!
> >
> > ---------------------------------------------------
> > Software: Google Chrome Browser 0.2.149.27
> > Tested: Windows XP Professional SP3
> > Result: Google Chrome Crashes with All Tabs
> > Problem: An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel), followed by the "POP EBP" instruction pointed to by the EIP register at 0x01002FF4.
> > Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php
> > Credit: Rishi Narang www.greyhat.in www.evilfingers.com
> > ---------------------------------------------------
> > --
> > Thanks & Regards,
> > Rishi Narang | Security Researcher
> > Founder, GREYHAT Insight
> > Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
> > www.greyhat.in
> > ... eschew obfuscation, espouse elucidation.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
Matthieu Suiche
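The _invalid_parameter() path described in the reply above, as an added example that is not part of the original thread, of the Microsoft CRT or of Chromium: a portable model of the memcpy_s() contract and of _set_invalid_parameter_handler(). The _model suffixes, the 8-byte scheme buffer and the "toto:%" input are assumptions made for the illustration; the example says nothing about what autocomplete.cc actually did. It shows why a bad size never overruns the destination (the buffer is validated, then zeroed), why the default handler produces a fail-fast stop rather than a corrupted heap (the int 3 in the original report), and how installing a handler turns the same condition into an ERANGE/EINVAL return code the caller can act on.

```c
/*
 * Portable model of the MSVC CRT "secure" copy contract.  This is an added
 * illustration, not code from the CRT, from Chromium or from anyone on the
 * thread.  Names ending in _model are assumptions of this example.
 *
 * On Windows the real pieces are memcpy_s() and
 * _set_invalid_parameter_handler(); this file only mimics their behaviour
 * so that it runs anywhere.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as the CRT handler, minus the wchar_t strings and the
 * reserved argument. */
typedef void (*invalid_param_handler_model)(const char *expr,
                                            const char *func,
                                            const char *file,
                                            unsigned int line);

/* Default behaviour: report and fail fast.  The CRT does the equivalent
 * (debug break / fast-fail), which is the "int 3" seen in the crash. */
static void default_handler_model(const char *expr, const char *func,
                                  const char *file, unsigned int line)
{
    fprintf(stderr, "invalid parameter: %s in %s (%s:%u)\n",
            expr, func, file, line);
    abort();
}

static invalid_param_handler_model g_handler_model = default_handler_model;

/* Swap the handler and return the old one, like
 * _set_invalid_parameter_handler(). */
static invalid_param_handler_model
set_invalid_param_handler_model(invalid_param_handler_model h)
{
    invalid_param_handler_model old = g_handler_model;
    g_handler_model = h;
    return old;
}

/* memcpy_s() contract: validate first, never write past dst, and on a
 * bad size zero the destination so the caller cannot consume stale data. */
static int memcpy_s_model(void *dst, size_t dstsz, const void *src, size_t n)
{
    if (n == 0)
        return 0;
    if (dst == NULL) {
        g_handler_model("dst != NULL", __func__, __FILE__, __LINE__);
        return EINVAL;
    }
    if (src == NULL) {
        memset(dst, 0, dstsz);
        g_handler_model("src != NULL", __func__, __FILE__, __LINE__);
        return EINVAL;
    }
    if (n > dstsz) {
        memset(dst, 0, dstsz);
        g_handler_model("n <= dstsz", __func__, __FILE__, __LINE__);
        return ERANGE;
    }
    memcpy(dst, src, n);
    return 0;
}

/* A handler that records instead of aborting: what a program installs when
 * it wants to survive the invalid call and act on the returned error code. */
static unsigned int g_invalid_calls;
static char g_last_expr[32];

static void recording_handler_model(const char *expr, const char *func,
                                    const char *file, unsigned int line)
{
    (void)func; (void)file; (void)line;
    g_invalid_calls++;
    snprintf(g_last_expr, sizeof g_last_expr, "%s", expr);
}

/* Scenario (constructed): copy `len` bytes of a URL prefix into a fixed
 * 8-byte scheme buffer.  The buffer is poisoned first so zeroing is visible. */
static int copy_scheme_model(char out[8], const char *input, size_t len)
{
    memset(out, 0xAA, 8);
    return memcpy_s_model(out, 8, input, len);
}

int main(void)
{
    char buf[8];
    int ok, bad;

    /* Without this line the oversize copy below would abort() the process. */
    set_invalid_param_handler_model(recording_handler_model);

    ok = copy_scheme_model(buf, "toto:%", 6);    /* 6 <= 8: copied, returns 0 */
    bad = copy_scheme_model(buf, "toto:%", 12);  /* 12 > 8: zeroed, ERANGE */
    printf("valid copy -> %d, oversize copy -> %d, handler calls = %u, last = %s\n",
           ok, bad, g_invalid_calls, g_last_expr);
    return 0;
}
```

Run it once with the recording handler installed and once with that line removed: the first run reports ERANGE and continues, the second stops in the default handler. Reading a crash dump, a stop inside the invalid-parameter handler with the destination zeroed is the signature of this fail-fast path, not of an overflow that already happened.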
Current thread:
- Google Chrome Browser Flaw Rishi Narang (Sep 03)
- Re: Google Chrome Browser Flaw Isaac Dawson (Sep 03)
- Re: Google Chrome Browser Flaw sub (Sep 03)
- Re: Google Chrome Browser Flaw Rhys Kidd (Sep 03)
- Re: Google Chrome Browser Flaw Matthieu Suiche (Sep 03)
- Re: Google Chrome Browser Flaw Rishi Narang (Sep 03)
- Re: Google Chrome Browser Flaw Isaac Dawson (Sep 03)