EvilFinders posts - Security

September 3, 2008 7:29 AM PDT

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

In an article on the Securiteam site, Rishi Narang from Evilfingers says a crash can occur without user interaction. If a user is provided a malicious link with an undefined handler followed by a special character, Chrome crashes.

In Google-speak, the browser displays a message "Whoa, Google Chrome has crashed. Restart now?"

Narang found the fault in chrome.dll version 0.2.149.27. More details can be found on this Evilfingers page.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

Click here for full coverage of the Google Chrome launch.

Topics:: Vulnerabilities and attacks,; News

Tags:: security,; Securiteam,; Rishi Narang,; EvilFinders,; Chrome,; Google

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Deep Tech
Mozilla pushes back Firefox 3.6, 4.0 deadlines
The newest version of the open-source browser won't arrive this year, and a major update might not arrive until 2011. But there are plenty of features coming.
Gallery
A real-world test of Google Goggles visual search (photos)
Apple
Another holiday blowout for Apple?
Remarking on Apple's December quarter in a note to investors, a Thomas Weisel Partners analyst says iPhone and iMac sales for the period have been quite strong.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Behind the scenes of CBS's NFL coverage
Technically Incorrect
Escaped convict continues to update Facebook
Craig "Lazie" Lynch has been on the run from a U.K. prison since September. However, he continues to taunt police by updating his Facebook status. Now he is threatening to quit.
Video
Deep-sea volcanic explosion--part 2 (video)
The Social
Facebook COO nominated to Disney board
Sheryl Sandberg, who has been chief operating officer of the social network for nearly two years now, will join the board if shareholders approve in March.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
Top-rated reviews of the week (photos)
Crave
Get freaky with samurai sword earbuds
Japan's Solid Alliance gets funky with wacky earbuds that feature samurai swords, mushrooms, apples, and even miniature ears.
Green Tech
Smart-grid spending to hit $200 billion by 2015
Technologies to automate and upgrade the grid will capture most of the $200 billion invested in modernizing electrical power systems, says Pike Research.