Google claims that its browser, Google Chrome, isolates events that could crash the browser so that a crash stays contained within the individual tab that caused it. However, an issue exists in how Google Chrome handles URLs with an undefined protocol handler in chrome.dll of version 0.2.149.27, which is the latest version of the browser at the time of writing. The whole browser crashes, and the user does not have to click anything.
When a user visits a page containing a malicious link whose URL has an undefined handler (a scheme Chrome has no handler for) followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% into the Chrome URL bar. Google Chrome crashes with the message "Whoa! Google Chrome has crashed. Restart now?"
Tested on : Windows Vista SP1, Windows XP SP2, Windows XP SP3
Howto: Type :% in the Google Chrome URL bar
Google Chrome crashes as a whole, taking all open tabs with it rather than just the tab that triggered the crash
Proof of Concept:
Note: Do not hover over the link below if you are currently using Google Chrome and running something critical. Google Chrome processes any URL on a page as soon as the mouse hovers over it, so you don't even have to click the link below for Google Chrome to crash. A mere hover will do.
Working PoC exploit that crashes Google Chrome:
Click for a demo HERE
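The defensive counterpart of the trigger described above, as an added example that is not part of the original post or of Chrome's code: a link filter that rejects hrefs of the two shapes involved here, a URL with an empty or unregistered scheme (":%", "foo:%") and a dangling "%" that does not start a valid percent-escape. The scheme allowlist, the helper names and the sample links are my own assumptions; the filter works on plain objects with an href property so it runs in Node as well as against real anchor elements.

```javascript
// Added example (not from the original post or from Chrome): a defensive
// link filter. Names, allowlist and sample inputs are assumptions.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":"
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i;
// Every "%" must be followed by exactly two hex digits.
const BAD_ESCAPE_RE = /%(?![0-9a-f]{2})/i;

// Classify a raw href. Returns { ok, reason, url? }.
function checkHref(href, base = "https://example.invalid/") {
  const raw = String(href).trim();
  if (raw === "") return { ok: false, reason: "empty href" };

  // A colon that precedes any "/", "?" or "#" is a scheme delimiter.
  // ":%" has one, but the scheme in front of it is empty.
  const firstDelim = raw.search(/[\/?#]/);
  const colon = raw.indexOf(":");
  const claimsScheme = colon !== -1 && (firstDelim === -1 || colon < firstDelim);
  if (claimsScheme) {
    const m = SCHEME_RE.exec(raw);
    if (!m) return { ok: false, reason: "malformed scheme" };
    const scheme = m[1].toLowerCase();
    if (!ALLOWED_SCHEMES.has(scheme)) {
      return { ok: false, reason: "scheme not allowed: " + scheme };
    }
  }

  if (BAD_ESCAPE_RE.test(raw)) return { ok: false, reason: "dangling percent escape" };

  let parsed;
  try {
    parsed = new URL(raw, base); // resolves relative links against base
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  const scheme = parsed.protocol.replace(/:$/, "");
  if (!ALLOWED_SCHEMES.has(scheme)) {
    return { ok: false, reason: "scheme not allowed: " + scheme };
  }
  return { ok: true, reason: "ok", url: parsed.href };
}

// Disarm every anchor whose href fails the check; returns how many were blocked.
// Accepts real <a> elements or plain { href } objects.
function sanitizeAnchors(anchors) {
  let blocked = 0;
  for (const a of anchors) {
    const r = checkHref(a.href);
    if (!r.ok) {
      a.href = "#"; // neutralise the link
      a.title = "blocked: " + r.reason;
      blocked++;
    }
  }
  return blocked;
}

// Constructed sample links, including the ":%" trigger from the post.
const SAMPLE_LINKS = [
  { href: "http://example.com/page?q=a%20b" }, // fine
  { href: ":%" },                              // empty scheme + dangling %
  { href: "foo:%" },                           // unregistered scheme
  { href: "javascript:alert(1)" },             // not on the allowlist
  { href: "/relative/path%2Fx" },              // fine, resolved against base
  { href: "http://example.com/%zz" },          // malformed escape
];

// Stand-alone run on a copy, so the sample list stays pristine for reuse.
const demo = SAMPLE_LINKS.map((a) => ({ ...a }));
console.log("blocked", sanitizeAnchors(demo), "of", demo.length);
for (const a of demo) console.log(a.href, a.title || "");
```

In a page you would call sanitizeAnchors(document.querySelectorAll("a[href]")) before the user can hover over anything, since the post notes that hovering alone is enough to trigger the crash; a server-side HTML sanitizer can apply the same checkHref rule to every href attribute it emits.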
According to SecuriTeam, the crash is an exception/trap raised by an "int3" instruction at 0x01002FF3; when the exception is reported, the EIP register points at the following "POP EBP" instruction at 0x01002FF4. Since int3 is the x86 software-breakpoint instruction, which terminates the process when no debugger is attached, this looks like a deliberate trap in the URL-handling code rather than corruption of a return address, i.e. a denial of service rather than a code-execution bug.
UPDATE (9/7/2008): Google has patched this vulnerability in Chrome and released an updated build. Please make sure you update to version 0.2.149.29 or later.