Your Ad Here

A Bug has been discovered in Google Chrome that causes the application to crash all tabs when the following string is entered into the address bar ":%" (minus quotes).

Furthermore, this bug can be expanded to work with with minimal user interaction (i.e. mouseover a link) when combined with undefined protocol handler such as "evil:%"

However, according to the developers of Chrome 'this is an unfortunate browser crash, but it shouldn't be exploitable beyond an annoyance'.

Affected Versions
0.2.149.27

References
http://evilfingers.com/advisory/google_chrome_poc.php
http://code.google.com/p/chromium/issues/detail?id=122
http://codereview.chromium.org/408

Posted by Cyber Trunks

0 comments:

Your Ad Here