Critical bug in Chrome browser

1.With Windows XP SP2, you can open Chrome, and follow the link. Then, click SaveAs Function (It will execute Calculator):

http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html

or

http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2-2.html

or

http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2-3.html

or

http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2-4.html

With others Windows i.e not XP SP 2, you can open Chrome, and follow the link. Then click SaveAs Function (Chrome will be crashed):

http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html
Description :
The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving a malicious page with an overly long title ( tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users’ systems.

How an attacker could exploit the issue :
To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system.

It is for Google Chrome 0.2.149.27

Credits: Le Duc Anh – SVRT member.

2. just copy paste the following in the address bar
:% (it will crash)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *