Okay so this is a quick post on how to crash google chrome (not that you would want to do it, but just for fun).
- This one was discovered by Rishi Agarwal, one of my hostel-mates: type in 'About:%' in the address bar, without the quotes, and the browser with all its tabs crashes instantly (even before you press the enter key). I think chrome was all about sandboxing of tabs... but apparently theres still some work to be done.
(Correction: I just realized here that just typing in ':%' is enough to crash the browser!) - For those interested in crashing Chrome through some under the cover techniques, check out this and this.
“An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It crashes on “int 3″ at 0×01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0×01002FF4.”
- A vulnerability that tricks you into execution of an executable / JAR file. More
Just hours after the release of Google Chrome, researcher Aviv Raffdiscovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.
Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.
In the proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.
The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.
Apple patched the carpet-bombing issue with Safari v3.1.2.