Google Chrome 0Day Vulnerability Released !

As We all know , Google Chrome has been released a few days ago . And You know what , the 0day for Google chrome browser has been released in yesterday as well ! hilarious. The advisory on Google Chrome itself was published by EvilFingers. And it’s also published on milw0rm as well.

Google Chrome

Google Chrome

Here ’s the short excerpt of the advisory :

—————————————————
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3″ at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.

Proof of Concept:

http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang
psy.echo [ at ] gmail.com
www.greyhat.in
www.evilfingers.com
—————————————————

Further info about this 0day can be grabbed here.
Cheerz!

Recenly search

Incoming search terms for the article:

0day google dorkhidden meaning in google logoshocking hidden message behind google 2010 logo,  
Popular Today naruto shippuden 170 videologcat physics walkthroughnaruto shippuden 168 videologfacebook spybacktrack 3shy enginevtunnelBackTrack tutorialbacktrack 3 tutorialfacebook photo viewerSee The Shocking Hidden Message In The Google Logo that GOOGLE Does NOT Want You To Know About!how to view private myspace picturesmy empire hackview private myspace picturesSHOCKING: RUDE HIDDEN MESSAGE in Toy Story 3!facebook keyloggerHIDDEN MESSAGE IN GOOGLE LOGOTerri Moulton Hormanrapidleechbrute force facebook,   Computer Security Stuff on eBay!
Electronics stuffs on ebay

4 Responses to “Google Chrome 0Day Vulnerability Released !”

  1. also don’t forget that Chrome is also prone to carpet bombing…

    http://cskane.wordpress.com/2008/09/03/google-chrome-has-the-same-bomb-as-safari/

  2. @dblackshell : Nice info , dude :)

  3. [...] Chrome ’s Carpet Bomb Yesterday I posted about a 0day occured on Google Chrome Browser , and just today dblackshell informed me about another security [...]

  4. [...] to find any security flaw on this, brand new Google Chrome Browser ! This post is still related to my Google Chrome 0day article anyway. Well , I just took my daily rss-reading on Packetstormsecurity , and found 2 Advisories on [...]

Leave a Reply