Welcome to Google Chrome Plugins

Source of Plugins, Themes, Add-ons and information for the Google Chrome Web Browser!


Critical Chrome Vulnerability

by Chrome Blog on September 6, 2008

A critical vulnerability has been identified in Google Chrome version 0.2.149.27 and all prior builds. It enables an attacker to trigger a buffer overflow and achieve remote code execution.

To avoid being affected, users are advised not to use the “Save As” function on untrusted websites.

I have set up a proof of concept page at the link below; to test it, just right-click and choose Save As on any white part of the page. Note: ensure you have no unsaved work in any tabs before proceeding to the test page. Also, the test page is not malicious and will not cause any permanent effects to your PC or Chrome installation.

Test Google Chrome Vulnerability

On Windows XP SP2 it will execute your Windows calculator; on other Service Packs it will crash Google Chrome.

This vulnerability allows an attacker to execute arbitrary code on your system.

Google Chrome developers are working on a fix and it will be implemented as soon as a solution becomes available.

Credit to Bkis Security Advisories for the discovery.

Update: As mentioned below by Kevin and S Sheth, this has been fixed in version 0.2.149.29, along with the :% issue and some JavaScript issues with Facebook.
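As an added illustration (not Chrome's code and not part of the original post): commenters below report that Save As proposes a file name as long as the page title, and that the fixed build rejects it as invalid. The C sketch below shows that kind of check, validating a title-derived name before any byte reaches a fixed-size buffer; the function name, the 255-character cap and the `.htm` extension are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 255  /* assumed cap on one file name component */

/* Control characters and the characters Windows rejects in a file name. */
static int is_invalid_char(unsigned char c) {
    return c < 0x20 || strchr("<>:\"/\\|?*", c) != NULL;
}

/*
 * Build "<title>.htm" in out (hypothetical helper).
 * Returns 0 on success, -1 if the title is empty, holds a character not
 * allowed in a file name, or would not fit. Length is checked before
 * anything is copied, so out is never overrun.
 */
int suggest_filename(const char *title, char *out, size_t out_size) {
    static const char ext[] = ".htm";
    const size_t ext_len = sizeof(ext) - 1;
    size_t max_title, title_len = 0, i;

    if (title == NULL || out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';                       /* failure leaves an empty string */
    if (out_size <= ext_len + 1)
        return -1;
    max_title = out_size - ext_len - 1;  /* room left for the title itself */
    if (max_title > NAME_MAX_LEN - ext_len)
        max_title = NAME_MAX_LEN - ext_len;

    /* Bounded scan: stops one past the limit, however long the title is. */
    while (title_len <= max_title && title[title_len] != '\0')
        title_len++;
    if (title_len == 0 || title_len > max_title)
        return -1;
    for (i = 0; i < title_len; i++)
        if (is_invalid_char((unsigned char)title[i]))
            return -1;

    memcpy(out, title, title_len);
    memcpy(out + title_len, ext, ext_len + 1);  /* copies the terminator too */
    return 0;
}
```

An over-long title is refused outright rather than truncated, which matches the "filename was invalid" prompt the commenters describe.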


{ 5 comments… read them below or add one }

1 kevin 09.06.08 at 3:40 pm

Appears to be fixed in 0.2.149.29

I got a string check when saving the file, and was told that the filename was invalid.

2 S Sheth 09.06.08 at 6:46 pm

Yes, the latest version does fix it; just go to:

1) Customise (Spanner) button
2) About Google Chrome
3) Upgrade Now
4) Restart the browser

3 Neko 09.13.08 at 11:36 pm

My Chrome ‘crashes’ (stops responding) every time I try to save anything on any website. It began on rapidsheet and now it happens on every website. I have uninstalled Chrome, Gears, even deleted the whole folder in app data or w/e it is called, reinstalled, and it just continues crashing.
Tech info:
WinXP Pro 32 bits SP3
Chrome/0.2.149.29
hope this can help to solve that problem…

4 Mubeen 09.14.08 at 9:29 am

The malicious website test tool doesn’t seem to do anything on my machine. When I right-click on any white part and Save As, I get a long filename (same as the title of the page). That’s it. No calculator tool, nothing. If I proceed with the SAVE button on the File Save As common dialog box, Windows rejects the filename by stating it is invalid and prompts me to try another file name instead.

-Using Windows XP Pro – SP3
and first release of Chrome build 1798

5 n1L 09.22.08 at 2:13 am

@Mubeen
Same thing here on Vista Ultimate SP1

Are we secure?

Offizieller Build 1798
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13
