Re: Google Chrome Browser Vulnerability

[Rishi Narang <psy.echo () gmail com>]

Hello Larry,

Ya, a beta browser (though I forgot to mention it) but, is there any product from Google not in Beta ;) Thanks, our 
searches are not through a beta search engine. Anyways, it's just an attempt to make it a better place to browse and 
help it come out of Beta. 
Rest, I very much liked the minimalist approach and simplicity of it + fast surfing speed. Cheers!

Just my 2 cents.
--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 
www.greyhat.in 

... eschew obfuscation, espouse elucidation.

Wednesday, September 3, 2008, 5:43:40 AM, you wrote:

> Holy crap, a crash bug in a beta browser! 

> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer () ziffdavisenterprise com


> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rishi
> Narang
> Sent: Tuesday, September 02, 2008 7:51 PM
> To: full-disclosure () lists grok org uk
> Subject: [Full-disclosure] Google Chrome Browser Vulnerability

> Hi,

> ---------------------------------------------------
> Software:
> Google Chrome Browser 0.2.149.27

> Tested:
> Windows XP Professional SP3

> Result:
> Google Chrome Crashes with All Tabs

> Problem:
> An issue exists in how chrome behaves with undefined-handlers in
> chrome.dll version 0.2.149.27. A crash can result without user
> interaction. When a user is made to visit a malicious link, which has an
> undefined handler followed by a 'special' character, the chrome crashes
> with a Google Chrome message window "Whoa! Google Chrome has crashed.
> Restart now?". It fails in dealing with the POP EBP instruction when
> pointed out by the EIP register at 0x01002FF4.

> Proof of Concept:
> http://evilfingers.com/advisory/google_chrome_poc.php

> Credit:
> Rishi Narang (psy.echo)
> www.greyhat.in
> www.evilfingers.com
> ---------------------------------------------------

> --
> Thanks & Regards,
> Rishi Narang | Security Researcher
> Founder, GREYHAT Insight
> Key: 0x8D67A3A3 (www.greyhat.in/key.asc) 
> www.greyhat.in 

> ... eschew obfuscation, espouse elucidation.

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/