lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 08 Jan 2010 19:59:19 +0530
From: Aditya K Sood <0kn0ck@...niche.org>
To: websecurity@...appsec.org, bugtraq@...urityfocus.com
Subject: Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation
 based Tab Crashing

Hi

Google Chrome, right from the start has shown some stringency in tab
crashing. But crashing tabs or full browser crash is becoming more smoother
than the previously reported cases. On playing around with Google Chrome
and Chrome Frame direct tab crashing has been reloaded. The specific
points are mentioned below:

1. Scripts are checked against memory allocation part and raises a warning.
2. In recent versions playing around with JavaScript based conversion of
Unicode values to characters and rendering it directly leads to tab
crashing.
3. It has become more smoother and direct in the functionality.

The software tested against this rule set is mentioned below:

1. Google Chrome Browser
2. Google Chrome Frame. (IE8)

Both are installed on x64 systems running windows vista and IE8. The
test is based on the script code designed to show the tab crashing in
controlled manner.

Video:
http://www.secniche.org/videos/goog_chrome_frame_mem_alloc_tab_crashing.html

Blog Post:
http://zeroknock.blogspot.com/2010/01/google-chrome-3019538-chrome-frame.html

It can have diverse impact with more modularized codes in the future.

All for community purposes.

Kind Regards
Aditya K Sood
http://www.secniche.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ