List: dailydave
Subject: Re: [Dailydave] Google Chrome Browser Flaw
From: Rishi Narang <psy.echo () gmail ! com>
Date: 2008-09-03 19:51:17
Message-ID: 616417460.20080904010917 () gmail ! com
Hi,
"Time" can definitely play a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and publish at the EvilFingers site before sending it to Google and other bugtraqs.
Even though I had the vulnerability a good 4 hrs before the real publication of the bug and had the exploit along with some crash details like the "int 3" Kernel Exception/Trap @ 0x01002FF3, different attack cases, exceptions of http/ftp and further debug logs, there was this bug published (though without the details of possible cases, exceptions and mouse hover techniques) a couple of hours before I released it at EvilFingers.
So, I would like to convey due credit to Mr. JanDeMooij as well for posting the bug on http://code.google.com/p/chromium/issues/detail?id=122, and thanks to Mr. Brennan for contacting me about the same.
--
Thanks & Regards,
Rishi Narang | Security Researcher
Founder, GREYHAT Insight
Key: 0x8D67A3A3 (www.greyhat.in/key.asc)
www.greyhat.in
... eschew obfuscation, espouse elucidation.
Wednesday, September 3, 2008, 6:16:01 PM, you wrote:
> On Wed, Sep 3, 2008 at 11:04 AM, Rishi Narang <psy.echo@gmail.com> wrote:
> > Hi,
> > Here is a flaw in the just released Google Chrome Browser (Beta). This is not really a "Jail-Break" remote execution type of serious vulnerability (till now, it doesn't seem one), but it surely crashes the application (all tabs) and needs a browser restart. But, as a whole, the browser surely is very neat and fast!
> > Google, with its own simplicity and creativity, has taken integrated features of top browsers - Firefox, IE, Safari etc. Hope it didn't catch their bugs too, like the old Carpet Bombing Attack and other speculations going around in the wild!
> > ---------------------------------------------------
> > Software:
> > Google Chrome Browser 0.2.149.27
> > Tested:
> > Windows XP Professional SP3
> > Result:
> > Google Chrome Crashes with All Tabs
> > Problem:
> > An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap (kernel), followed by a "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.
> > Proof of Concept:
> > http://evilfingers.com/advisory/google_chrome_poc.php
> > Credit:
> > Rishi Narang
> > www.greyhat.in
> > www.evilfingers.com
> > ---------------------------------------------------
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave