[Dailydave] Google Chrome Browser Flaw
sub
sub at room641a.net
Wed Sep 3 12:17:22 EDT 2008
For those of you not wanting to subject yourself to Google's EULA,
which applies to the binary release only, you can compile "Chromium"
from source which is licensed under a "BSD-style" license and does not
have any additional license agreements that I am aware of.
http://dev.chromium.org/Home
On Wed, Sep 3, 2008 at 5:46 AM, Isaac Dawson <isaac.dawson at gmail.com> wrote:
> Just remember,
> According to the EULA you 'clicked', Google now owns any vulnerability you find!
> http://tapthehive.com/discuss/This_Post_Not_Made_In_Chrome_Google_s_EULA_Sucks
> -isaac
>
> On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo at gmail.com> wrote:
>> Hi,
>>
>> Here is a flaw in the just released Google Chrome Browser (Beta). This is not really a "Jail-Break" remote execution type of serious vulnerability (so far, it doesn't seem to be one), but it surely crashes the application (all tabs) and needs a browser restart. But, as a whole, the browser surely is very neat and fast!
>>
>> Google, with its own simplicity and creativity, has taken and integrated features of top browsers - Firefox, IE, Safari etc. Hope it didn't catch their bugs too, like the old Carpet Bombing Attack and other speculations going around in the wild!
>>
>> ---------------------------------------------------
>> Software:
>> Google Chrome Browser 0.2.149.27
>>
>> Tested:
>> Windows XP Professional SP3
>>
>> Result:
>> Google Chrome Crashes with All Tabs
>>
>> Problem:
>> An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel), followed by a "POP EBP" instruction at 0x01002FF4, as pointed to by the EIP register.
>>
>> Proof of Concept:
>> http://evilfingers.com/advisory/google_chrome_poc.php
>>
>> Credit:
>> Rishi Narang
>> www.greyhat.in
>> www.evilfingers.com
>> ---------------------------------------------------
>>
>> --
>> Thanks & Regards,
>> Rishi Narang | Security Researcher
>> Founder, GREYHAT Insight
>> Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
>> www.greyhat.in
>>
>> ... eschew obfuscation, espouse elucidation.
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunitysec.com
>> http://lists.immunitysec.com/mailman/listinfo/dailydave
>>