Bug&Exp → Google Chrome Browser 0.2.149.27 malicious link DoS Vulnerability
精选文章,转载请注明: 转载自太子King’S Blog
本文链接地址: Google Chrome Browser 0.2.149.27 malicious link DoS Vulnerability
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version
0.2.149.27. A crash can result without user interaction. When a user is made to visit
a malicious link, which has an undefined handler followed by a 'special' character,
the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed.
Restart now?”. It lies in dealing with the POP EBP instruction when pointed out by the
EIP register at 0×01002FF4.
Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php
Credit:
Rishi Narang (psy.echo)
www.greyhat.in
www.evilfingers.com
—————————————————
PoC Working/Exploit:
Click for a demo <a href=”EVIL:%”>HERE</a>
