‘Google Chrome Browser URL Handler Crash’


An issue exists in how chrome behaves with undefined-handlers in chrome.dll version A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ‘special’ character, the chrome crashes with a Google Chrome message window ‘Whoa! Google Chrome has crashed. Restart now?’. It crashes on ‘int 3’ at 0x01002FF3 as an exception/trap, followed by ‘POP EBP’ instruction when pointed out by the EIP register at 0x01002FF4.’


‘The information has been provided by Rishi Narang.
The original article can be found at: http://evilfingers.com/advisory/google_chrome_poc.php


Vulnerable Systems:
 * Google Chrome Browser version

PoC Working/Exploit:
Click for a demo (clicking will cause the browser to crash) HERE.’

Categories: News