Thursday, September 4, 2008

that was quick

check this vuln out:

"denial of service vulnerability that is successfully crashing the Chrome browser with all tabs"

wait a min... they said all those tabs were separate processes to avoid futzin w/ other tabs like this. so how is this working?

An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, Chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”.

think it was a fuzz?

i haven't dug around the nix source yet, but i bet the protocol handler is part of the chrome process, and receives data passed up by all of the tab processes.
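To make that guess concrete, here is an added Python model (not code from this post and not Chrome's source): one shared "browser process" owns a scheme-handler registry and serves URL requests from every tab. A naive dispatcher that assumes a handler always exists takes every tab down when one tab hands it an unknown scheme, while a hardened dispatcher validates the scheme first and returns the failure to the one tab that asked. All handler names, URLs and the scheme pattern are constructed for illustration.

```python
"""Hypothetical model (added example, not Chrome code) of why a crash in a
shared browser process defeats per-tab process isolation.

The post guesses that protocol-handler dispatch lives in the single browser
process and receives URLs from every tab process. This script models that:
a registry of scheme handlers, a naive dispatcher that raises on an unknown
scheme (taking the whole browser down), and a hardened dispatcher that
validates the scheme and returns a per-tab error instead.
"""
import re

# Constructed registry: schemes the browser process knows how to handle.
HANDLERS = {
    "http": lambda url: f"fetched {url}",
    "https": lambda url: f"fetched {url}",
    "about": lambda url: f"internal page {url}",
}

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ':'
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


class BrowserCrashed(Exception):
    """Models the 'Whoa! Google Chrome has crashed' outcome: every tab is gone."""


def parse_scheme(url: str):
    """Return the lowercase scheme of url, or None if it has no valid one."""
    m = SCHEME_RE.match(url)
    return m.group(1).lower() if m else None


def dispatch_naive(url: str) -> str:
    """Naive broker: assumes a handler exists; an unknown scheme is a crash."""
    scheme = url.split(":", 1)[0]
    try:
        return HANDLERS[scheme](url)
    except KeyError as exc:
        # In a native process this would be an unhandled fault, not a KeyError.
        raise BrowserCrashed(f"no handler for scheme {scheme!r}") from exc


def dispatch_hardened(url: str) -> dict:
    """Hardened broker: validate first, and report failures to the one tab
    that asked, so the shared process keeps serving the others."""
    scheme = parse_scheme(url)
    if scheme is None:
        return {"ok": False, "error": "malformed URL: no valid scheme"}
    handler = HANDLERS.get(scheme)
    if handler is None:
        return {"ok": False, "error": f"unknown scheme {scheme!r} rejected"}
    try:
        return {"ok": True, "result": handler(url)}
    except Exception as exc:  # a bug in one handler must not kill the broker
        return {"ok": False, "error": f"handler failed: {exc}"}


def run_browser(dispatch, tab_urls: list) -> dict:
    """Simulate tabs submitting URLs to one shared browser process.
    Returns per-tab outcomes; a BrowserCrashed means every tab was lost."""
    outcomes = {}
    try:
        for tab_id, url in enumerate(tab_urls):
            outcomes[tab_id] = dispatch(url)
    except BrowserCrashed as exc:
        return {"crashed": True, "reason": str(exc), "tabs_lost": len(tab_urls)}
    return {"crashed": False, "outcomes": outcomes}


if __name__ == "__main__":
    # Constructed inputs: two ordinary tabs and one tab given a URL whose
    # scheme has no registered handler and carries a stray character.
    tabs = ["https://example.com/", "about:blank", "nosuchscheme%:x"]
    print(run_browser(dispatch_naive, tabs))
    print(run_browser(dispatch_hardened, tabs))
```

The point of the model is that process-per-tab only isolates faults that happen inside a tab; anything routed through the one shared process is still a single point of failure, so that process has to treat every URL a tab sends it as untrusted input and fail per request rather than globally.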

those critical vulns that affect the entire browser space are still there... prolly time will tell if there are fewer, or if they're harder to get to, or easier to fix. ;)
