Google high gloss security
So Google released its own high-gloss web browser, based on Apple's rock-solid and security-proven WebKit. They sell their concept of a separate process for every browser tab with better scalability, fewer negative effects from memory leaks and, above all, security. But what's that:
Software: Google Chrome Browser 0.2.149.27
Tested: Windows XP Professional SP3
Result: Google Chrome Crashes with All Tabs
Problem: An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by a "POP EBP" instruction pointed to by the EIP register at 0x01002FF4.
Proof of Concept: http://evilfingers.com/advisory/google_chrome_poc.php
Credit: Rishi Narang, www.greyhat.in, www.evilfingers.com
PoC Working/Exploit: Click for a demo HERE; actually, just loading this web page opens a debugger.
So, security still seems to be more than using some very old, skin-deep concepts! We are in 2008... even Google should know a lot of better design principles for security, garbage collection and scaling than using multiple processes! And hey... what does this story tell us about software testing at Google?