Google Chrome 0Day Vulnerability Released !

As We all know , Google Chrome has been released a few days ago . And You know what , the 0day for Google chrome browser has been released in yesterday as well ! hilarious. The advisory on Google Chrome itself was published by EvilFingers. And it’s also published on milw0rm as well.

Google Chrome

Google Chrome

Here ’s the short excerpt of the advisory :

—————————————————
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3″ at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.

Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang
psy.echo [ at ] gmail.com
www.greyhat.in
www.evilfingers.com
—————————————————

Further info about this 0day can be grabbed here.
Cheerz!

Computer Security Stuff on eBay!
Electronics stuffs on ebay

Some people come to this post with this search term: credits to pramode & Checkmate, chrome 0day, allintext: “Credits to Pramode & Checkmate”, google chrome, chrome, google chrome 0day, 0-day exploit chrome, 0day, chrome 0-day, vulnerability security 0day, google chrome home page images, friendster vulnerability, y, Google Chrome Download Vulnerability, WHAT IS 0-Day, chrome exploit in Metasploit, how to see a private myspace profile with google chrome, cache:50628GRfAMMJ:www.lifedork.net/google-chrome-0day-vulnerability-released.html hack a myspace profile google chrome, who:everyone 0day, 2008-09-03 Google Chrome Browser 0.2.149.27 Automatic File Download Exploit,

And here is the related entries of this post:

4 Responses to “Google Chrome 0Day Vulnerability Released !”

  1. also don’t forget that Chrome is also prone to carpet bombing…

    http://cskane.wordpress.com/2008/09/03/google-chrome-has-the-same-bomb-as-safari/

  2. @dblackshell : Nice info , dude :)

  3. [...] Chrome ’s Carpet Bomb Yesterday I posted about a 0day occured on Google Chrome Browser , and just today dblackshell informed me about another security [...]

  4. [...] to find any security flaw on this, brand new Google Chrome Browser ! This post is still related to my Google Chrome 0day article anyway. Well , I just took my daily rss-reading on Packetstormsecurity , and found 2 Advisories on [...]

Leave a Reply