*** Update *** Flaw Demo included.
The issue exists in the way that Chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27.
This crash can occur without any user interaction.
When a malicious link that has a 'special' character after an undefined handler is visited, the browser crashes with the message "Whoa! Google Chrome has crashed. Restart Now?"
(source: http://evilfingers.com/advisory/google_chrome_poc.php , credit: Rishi Narang)
There is a demo of the working flaw at the source site.
Due to the open-source nature of the Chrome browser, and the fact that it's from such a prominent company, I expect this flaw will be the first of many as coders and researchers alike tear it apart looking for flaws.
Mouse over the following link to crash Chrome CRASH CHROME
Comment by Screeb, on 4-Sep-2008 17:07
According to the developers who responded on the bug tracker, it's not exploitable security-wise (save for annoying you with a browser crash). Not serious by any means.