Full Disclosure mailing list archives
Re: Google Chrome Browser Vulnerability
From: Fionnbharr <thouth () gmail com>
Date: Thu, 4 Sep 2008 22:32:57 +1000
dear god people, I've got null ptr derefs in firefox but I don't make full disclosure posts about them. I care about them nearly as much as vulnz in a browser no one uses for more than 5 minutes. Get the fuck off my list. 2008/9/4 Juha-Matti Laurio <juha-matti.laurio () netti fi>:
FYI: This was assigned to BID30983: http://www.securityfocus.com/bid/30983 Juha-Matti Rishi Narang [psy.echo () gmail com] wrote:Hi, "Time" can definitely plays a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google and other bugtraqs. Even though I had the vulnerability 4 hrs well before the real publication of the bug and had the exploit along with the some crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs; there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) couple of hours before I released it out at EvilFingers. So, I would like to convey due credit to Mr. JanDeMooij as well for his posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same. -- Thanks & Regards, Rishi Narang | Security Researcher Founder, GREYHAT Insight Key: 0x8D67A3A3 (www.greyhat.in/key.asc) www.greyhat.in .. eschew obfuscation, espouse elucidation. Wednesday, September 3, 2008, 5:43:40 AM, you wrote:-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rishi Narang Sent: Tuesday, September 02, 2008 7:51 PM To: full-disclosure () lists grok org uk Subject: [Full-disclosure] Google Chrome Browser VulnerabilityHi,--------------------------------------------------- Software: Google Chrome Browser 0.2.149.27Tested: Windows XP Professional SP3Result: Google Chrome Crashes with All TabsProblem: An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.phpCredit: Rishi Narang (psy.echo) www.greyhat.in www.evilfingers.com ---------------------------------------------------_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Google Chrome Browser Vulnerability, (continued)
- Re: Google Chrome Browser Vulnerability Valdis . Kletnieks (Sep 03)
- Re: Google Chrome Browser Vulnerability Razi Shaban (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 03)
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 03)
- Message not available
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Message not available
- Re: Google Chrome Browser Vulnerability Fionnbharr (Sep 04)
- Re: Google Chrome Browser Vulnerability Chris Pritchard (Sep 04)
- Re: Google Chrome Browser Vulnerability The Mad Hatter (Sep 04)
- Message not available
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 04)
- Re: Google Chrome Browser Vulnerability hannibal (Sep 05)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 05)