DoS vulnerability hits Google’s Chrome, crashes with all tabs
Posted on September 4th, 2008 at 6:50 amWhoa! Google Chrome has crashed. Restart now? While Google’s Chrome team is cheering, Rishi Narang from Evil Fingers is typing and releasing a proof of concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs. According to Narang’s advisory :
“An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3? at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.”
Yikes not a good thing but you can read the rest of the review Here if you are interested in this folks. Baldy
Leave a Reply
You must be logged in to post a comment.