As We all know , Google Chrome has been released a few days ago . And You know what , the 0day for Google chrome browser has been released in yesterday as well ! hilarious. The advisory on Google Chrome itself was published by EvilFingers. And it’s also published on milw0rm as well.
Google Chrome
Here ’s the short excerpt of the advisory :
—————————————————
Software:
Google Chrome Browser 0.2.149.27Tested:
Windows XP Professional SP3Result:
Google Chrome Crashes with All TabsProblem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3″ at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.phpCredit:
Rishi Narang
psy.echo [ at ] gmail.com
www.greyhat.in
www.evilfingers.com
—————————————————
Further info about this 0day can be grabbed here.
Cheerz!
Electronics stuffs on ebay
Google Chrome 0Day Vulnerability Released ! is posted on September 3rd, 2008 by admin. This post is filed under: Security, exploits, secInfo, 0day, 0day exploit, free 0day exploit, Google Chrome, Google Chrome advisory .
Some people come to this post with this search term: credits to pramode & Checkmate, chrome 0day, allintext: “Credits to Pramode & Checkmate”, google chrome, chrome, google chrome 0day, 0-day exploit chrome, 0day, chrome 0-day, vulnerability security 0day, google chrome home page images, friendster vulnerability, y, Google Chrome Download Vulnerability, WHAT IS 0-Day, chrome exploit in Metasploit, how to see a private myspace profile with google chrome, cache:50628GRfAMMJ:www.lifedork.net/google-chrome-0day-vulnerability-released.html hack a myspace profile google chrome, who:everyone 0day, 2008-09-03 Google Chrome Browser 0.2.149.27 Automatic File Download Exploit,
And here is the related entries of this post:
also don’t forget that Chrome is also prone to carpet bombing…
http://cskane.wordpress.com/2008/09/03/google-chrome-has-the-same-bomb-as-safari/
@dblackshell : Nice info , dude
[...] Chrome ’s Carpet Bomb Yesterday I posted about a 0day occured on Google Chrome Browser , and just today dblackshell informed me about another security [...]
[...] to find any security flaw on this, brand new Google Chrome Browser ! This post is still related to my Google Chrome 0day article anyway. Well , I just took my daily rss-reading on Packetstormsecurity , and found 2 Advisories on [...]