Lifedork » free 0day exploit http://www.lifedork.net still GeeX? still SuX! Thu, 08 Jul 2010 16:15:55 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 http://www.lifedork.net http://www.lifedork.com/favicon.ico Lifedork Google Chrome 0Day Vulnerability Released ! http://www.lifedork.net/google-chrome-0day-vulnerability-released.html http://www.lifedork.net/google-chrome-0day-vulnerability-released.html#comments Wed, 03 Sep 2008 19:40:46 +0000 admin http://www.lifedork.com/?p=308 As We all know , Google Chrome has been released a few days ago . And You know what , the 0day for Google chrome browser has been released in yesterday as well ! hilarious. The advisory on Google Chrome itself was published by EvilFingers. And it’s also published on milw0rm as well.

Google Chrome

Google Chrome

Here ’s the short excerpt of the advisory :

—————————————————
Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3″ at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.

Proof of Concept:

http://evilfingers.com/advisory/google_chrome_poc.php

Credit:
Rishi Narang
psy.echo [ at ] gmail.com
www.greyhat.in
www.evilfingers.com
—————————————————

Further info about this 0day can be grabbed here.
Cheerz!

]]> http://www.lifedork.net/google-chrome-0day-vulnerability-released.html/feed 4