‘Google Chrome Browser URL Handler Crash’

Summary

An issue exists in how Chrome handles undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link that has an undefined handler followed by a ‘special’ character, Chrome crashes with the Google Chrome message window ‘Whoa! Google Chrome has crashed. Restart now?’. It crashes on ‘int 3’ at 0x01002FF3 as an exception/trap, followed by a ‘POP EBP’ instruction at 0x01002FF4, which is where the EIP register points.

Credit:

The information has been provided by Rishi Narang.
The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php

Details

Vulnerable Systems:
 * Google Chrome Browser version 0.2.149.27

PoC Working/Exploit:
Click for a demo (clicking will cause the browser to crash) HERE.
