|
We (SVRT-Bkis) have just discovered vulnerability in Google Chrome
0.2.149.27. This is a Critical Buffer Overflow Vulnerability permiting
hacker to perform a remote attack and take complete control of the affected
system.
We have submitted this Vulnerability to Google. They confirmed and assign a
verifier for build 0.2.149.28.
Proof of Concept:
We tested Google Chrome 0.2.149.27 on Windows XP SP2 (Open Calculator)
http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html
With others Windows not XP SP 2:
http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html
Details:
=B7 Type of Issue : Buffer Overflow.
=B7 Affected Software : Google Chrome 0.2.149.27.
=B7 Exploitation Environment : Google Chrome on Windows XP SP2.
=B7 Impact: Remote code execution.
=B7 Rating : Critical.
=B7 Description :
The vulnerability is caused due to a boundary error when handling the
"SaveAs" function. On saving a malicious page with an overly long title
(