Google claims that its browser Google Chrome is able to isolate events that may crash a browser, isolated within those individual tabs. However, an issue exists with how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27 which is the latest version of the browser. A crash can result without any user interaction.

When a user visits a malicious link which has an undefined handler and followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with a message ” Whoa! Google Chrome has crashed. Restart now?”

Google Chrome crash

Tested on : Windows Vista SP1, Windows XP SP2, Windows XP SP3

Howto: Type :% in the Google Chrome URL bar

Google Chrome crashes with all Tabs

Proof of Concept:

Note: Do not hover over the link below if you are currently using Google Chrome and running something critical. Google Chrome actively links to any URL in any page. So, you don’t even have to click on the link below for Google Chrome to crash. A mere hover will do.

PoC Working exploit to crash Google Chrome:
Click for a demo HERE

According to SecuriTeam, it crashes on “int3” at 0x01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0x01002FF4

UPDATE (9/7/2008): Google has patched this vulnerability in Chrome. They released an update to the browser. Please make sure you update your current version to 0.2.149.29

Latest version of Google Chrome

Similar Posts:

Print Friendly, PDF & Email