Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google Chrome Browser Vulnerability

From: "Chris Pritchard" <mailinglist () brainiacghost co uk>
Date: Thu, 4 Sep 2008 17:46:33 +0100
I don't think it's "your" list, and even if it was, you didn't have to be so 
rude about it

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Fionnbharr
Sent: 04 September 2008 13:33
To: Juha-Matti Laurio
Cc: full-disclosure () lists grok org uk; evil fingers
Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability

dear god people, I've got null ptr derefs in firefox but I don't make
full disclosure posts about them. I care about them nearly as much as
vulnz in a browser no one uses for more than 5 minutes. Get the fuck
off my list.

2008/9/4 Juha-Matti Laurio <juha-matti.laurio () netti fi>:

FYI:
This was assigned to BID30983:
http://www.securityfocus.com/bid/30983

Juha-Matti

Rishi Narang [psy.echo () gmail com] wrote:

Hi,

"Time" can definitely plays a major role.  There was a collision that 
occurred due to the fact that I took time to find the real break point in 
the code, search for a template and to publish at EvilFingers site before 
sending it to Google and other bugtraqs.

Even though I had the vulnerability 4 hrs well before the real publication 
of the bug and had the exploit along with the some crash details like "int 
3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions 
of http/ftp and further debug logs; there was this bug published (though 
without the details of possible cases, exceptions and mouse hover 
techniques) couple of hours before I released it out at EvilFingers.

So, I would like to convey due credit to Mr. JanDeMooij as well for his 
posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, 
and thanks to Mr. Brennan for contacting me about the same.

--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in

.. eschew obfuscation, espouse elucidation.

Wednesday, September 3, 2008, 5:43:40 AM, you wrote:


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rishi
Narang
Sent: Tuesday, September 02, 2008 7:51 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Google Chrome Browser Vulnerability



Hi,



---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27



Tested:
Windows XP Professional SP3



Result:
Google Chrome Crashes with All Tabs



Problem:
An issue exists in how chrome behaves with undefined-handlers in
chrome.dll version 0.2.149.27. A crash can result without user
interaction. When a user is made to visit a malicious link, which has an
undefined handler followed by a 'special' character, the chrome crashes
with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It fails in dealing with the POP EBP instruction when
pointed out by the EIP register at 0x01002FF4.



Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php



Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
---------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: smime.p7s
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: