Since Google Chrome is still officially in “beta”, there will be a lot of security flaws and bugs that need to be fixed.
I heard about a security flaw where users are not prompted before downloading last week, and Google has fixed it, but here’s another one found by a company:
Vietnamese security company Bach Khoa Internet Security (BKIS) has found a flaw in Google Chrome 0.2.149.27 and posted details on its Web site. The company says the problem is a critical buffer-overflow vulnerability that could allow a hacker to perform a remote attack and take complete control of the affected system.
Here’s the proof of concept code:
An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ‘special’ character, Chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3” at 0x01002FF3 as an exception/trap, followed by a “POP EBP” instruction when pointed out by the EIP register at 0x01002FF4.
I am sure Google will get this little bug fixed real soon, but in the meantime, you can send any bugs you find to: tips [at] chrome-hacks.net.
via informationweek