← Advisories

Google Chrome Browser 0.2.149.27 Denial of Service Exploit

High

Advisory ID

ZSL-2008-4894

Release Date

04 September 2008

Vendor

Google Inc. - http://www.google.com

Affected Version

0.2.149.27

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

Google Chrome is a web browser that runs web pages and applications with lightning speed.

Description

An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It lies in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.

Proof of Concept

goodos.htmlTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Rishi Narang
Exploit coded by Gjoko Krstic

References

[1]http://packetstormsecurity.org/filedesc/google-chrome-dos2.txt.html

[2]http://www.lifedork.com/google-chrome-browser-crash-script-proof-of-concept.html

Changelog

04.09.2008Initial release