How to crash Google Chrome

Google claims that its browser, Google Chrome, isolates events that may crash the browser within the individual tabs where they occur. However, an issue exists in how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27, which is the latest version of the browser. A crash can result without any user interaction.

When a user visits a malicious link that has an undefined handler followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with the message “Whoa! Google Chrome has crashed. Restart now?”

Google Chrome crash

Tested on : Windows Vista SP1, Windows XP SP2, Windows XP SP3

Howto: Type :% in the Google Chrome URL bar

Google Chrome crashes with all Tabs

Proof of Concept:

Note: Do not hover over the link below if you are currently using Google Chrome and running something critical. Google Chrome actively links to any URL in any page. So, you don’t even have to click on the link below for Google Chrome to crash. A mere hover will do.

PoC Working exploit to crash Google Chrome:
Click for a demo HERE

According to SecuriTeam, it crashes on “int3” at 0x01002FF3 as an exception/trap, followed by the “POP EBP” instruction that the EIP register points to at 0x01002FF4.

UPDATE (9/7/2008): Google has patched this vulnerability in Chrome and released an update to the browser. Please make sure you update your current version to 0.2.149.29.

Latest version of Google Chrome

Published By:

Author: Ajit Gaddam

Ajit Gaddam is an accomplished technology executive and is currently the Head of Security Engineering at Visa, where he is responsible for building large scale AI driven cybersecurity products, leading engineering programs, and providing expert guidance on cybersecurity matters. He has presented at conferences worldwide, including USENIX Enigma, RSA, Black Hat, Strata Data Hadoop, COSO Dublin, and GCS Ukraine. Ajit has been quoted by major media organizations and his work has been showcased in academic journals, security publications, and in two published books. He is an active participant in various open source and standards bodies, is a prolific inventor of disruptive technologies (over 100+ global patents), and moonlights as an instructor (SANS, community colleges).

2 thoughts on “How to crash Google Chrome”

  1. A publicly presented exploit is one that would probably be fixed in a very short period of time. Google probably saw messages like this either sent to them or written on a site, and then got to work to remove the glitch that could be caused by said hovering. Finding glitches gets harder and harder over time, as the product is made more error-proof.

  2. Daniel McDicken says:

    LoL but funny to watch chrome crash! 😛 Bug’s in the worx…

    PoC Working/Exploit:
    Click for a demo (clicking will cause the browser to crash)
    HERE.
