{"id":684,"date":"2008-09-03T15:03:41","date_gmt":"2008-09-03T14:03:41","guid":{"rendered":"http:\/\/www.mitternachtshacking.de\/blog\/684-und-die-exploits-folgen"},"modified":"2012-06-07T17:10:56","modified_gmt":"2012-06-07T16:10:56","slug":"und-die-exploits-folgen","status":"publish","type":"post","link":"https:\/\/www.mitternachtshacking.de\/blog\/684-und-die-exploits-folgen","title":{"rendered":"And the exploits follow &#8230;"},"content":{"rendered":"<p> Software:<br \/>\nGoogle Chrome Browser 0.2.149.27<\/p>\n<p>Tested:<br \/>\nWindows XP Professional SP3<\/p>\n<p>Result:<br \/>\nGoogle Chrome Crashes with All Tabs<\/p>\n<p>Problem:<br \/>\nAn issue exists in how chrome behaves with undefined-handlers in chrome.dll version<br \/>\n0.2.149.27. A crash can result without user interaction. When a user is made to visit<br \/>\na malicious link, which has an undefined handler followed by a &#8216;special&#8217; character,<br \/>\nthe chrome crashes with a Google Chrome message window &#8220;Whoa! Google Chrome has crashed. Restart now?&#8221;. It lies in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.<\/p>\n<p>Proof of Concept:<br \/>\nhttp:\/\/evilfingers.com\/advisory\/google_chrome_poc.php<\/p>\n<p>Credit:<br \/>\nRishi Narang (psy.echo)<br \/>\nwww.greyhat.in<br \/>\nwww.evilfingers.com<\/p>\n<p>(via <a href=\"http:\/\/www.milw0rm.com\/exploits\/6353\">Milw0rm<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Software: Google Chrome Browser 0.2.149.27 Tested: Windows XP Professional SP3 Result: Google Chrome Crashes with All Tabs Problem: An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. 
When a user is made to visit a malicious link, which has an undefined handler followed by [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[],"_links":{"self":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/684"}],"collection":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/comments?post=684"}],"version-history":[{"count":0,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/684\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/media?parent=684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/categories?post=684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/tags?post=684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}