“The Google chrome browser is vulnerable to memory exhaustion based denial of service which can be triggered remotely.The vulnerability triggers when Carriage Return(\r\n\r\n) is passed as an argument to window.open() function. It makes the Google Chrome to generate number of windows at the same time thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager as with no time the memory usage rises high. The problem lies in the handling of object and its value returned by the javascript function. Once it is triggered the pop ups are started generating. The Google Chrome browser generate object windows continuously there by affecting memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this.”

What’s Google’s take on this flaw, and have they acknowledged it already? Zero Day asked the researchers.

Q: This is the second DoS vulnerability that members from EvilFingers disclose. How is the second one different than the first one, and how would a remote attacker take advantage of it?

A: Ideally, both are Denial of Service attacks. But second one is different for the matter that it does a memory exhaustion, or I would say “performance” peaks with the pop-ups. By default, all the pops are blocked by Chrome, but still the CPU usage jumps up to 98% and so does the memory consumption, therefore other processes will surely be affected. And then the PoC for the first one crashes the chrome right away without any reaction time to the user or any user way to prevent the loss of work. But with the second one, an experienced user can prevent the same and can save work of other tabs before resulting in a browser restart. Or put in another way, first one is a crash of all tabs, second one is a hang of tabs.

Q: Since you’re responsibly disclosing the vulnerabilities that you find to Google, what is your opinion on their current response time and overall attitude towards the vulnerabilities that you’ve reported?

A: Response time with the first one was well appreciable, as it was fixed within 24hrs though it took some days to roll out next 0.2.149.29 ‘patched’ version. For this newer DoS, the patch is yet to roll out and they have acknowledged the bug for now.

Has Google’s Chrome level of exploitability changed since the first DoS vulnerability? It may well be declining considering some recently published browser market-share statistics, clearly indicating that a lot of users seems to have given Chrome a try, and are back to their default browsers. According to published Chrome stats by Net Application :

“At the end of its third week of availability, Google Inc.’s Chrome accounted for 0.77% of the browsers that visited the 40,000 sites tracked by Net Applications, down from a 0.85% share the week before. “The trend line on Chrome still has a slight downward angle, and these weekly numbers reflect that,” said Vince Vizzaccaro, Net Applications’ executive vice president of marketing. Although Chrome popped above 1% within hours of its release, the new browser now reaches that mark only in the middle of the night, U.S. time, Vizzaccaro added.”

StatCounter’s latest Chrome stats of over 450M page views globally, also indicate the introduction period and the slight decline afterwards. Chrome’s popularity is proportional with its level of exploitability, so keeping an eye on how many users stick with the (BETA) browser, will either increase or decrease it.

Source

It should come as little surprise that Google is entering the Web
browser market. The search heavyweight already has a substantial stake
in our online activities. Search, check! E-mail, check! Office
documents, check! The list of Web applications offered by Google is
both long and varied. With its goal of providing all of our online
needs, it makes perfect sense that Google would step up and provide a
Web browser built to accommodate its applications. With Chrome, Google
is betting that more of us will move more of our computing from
desktops to online, relying on the vast data centers known as “the
cloud.” But can Google’s Web browser single handedly entice us to dump a
favorite Web browser and our computer’s operating system?

Let’s start with the operating system. What’s your favorite flavor?
Windows, OS X, Linux? Whichever your allegiance, for at least the next
several years, you’ll need an operating system to boot your computer
and store the applications that are still too large and unwieldy to run
from inside the cloud. Take iTunes, Photoshop, or PowerPoint. While
online equivalents exist, they just can’t match the processing power
and functionality that come from the applications you run from your
computer’s operating system.

Segmenting Online Activities

And, while Google Chrome’s strength comes in its ability to segment
online activities—an open tab playing a live video stream won’t slow
down the remainder of your Web browsing—it still needs an operating
system at its foundation. For evidence that Google Chrome is not yet
ready to replace an operating system, consider the browser’s
limitations at launch. Despite two years of hard work, Chrome can’t run
without Windows and it won’t run at all on Apple’s OS X or Linux.

Then comes the question of Chrome’s potential for wresting market
share from Google’s rivals. Can Google really launch a new browser and
expect to grab some of Internet Explorer’s 72% Web browser market share
and Firefox’s 20%? Chrome certainly started off strong. On its opening
days, according to analysts at Lehman Brothers, free downloads reached
an astounding 2% of the market. Lehman predicts that the new browser
could reach 15%-20% market share in just two years. In other words,
it’s likely to be big, but not dominant.

What’s more, Google Chrome is not yet proven as a revolutionary Web
browser. Google technicians emphasize that its architecture is
different, and predict that it will handle computing intensive software
applications better than its rivals. But most of the Web surfers who
downloaded it on its first day came to face to face with a bare-bones
browser with few of the add-ons and plug-ins available on the others.

Brand of Gold

What Chrome can boast is the Google brand. While not everything
Google touches turns to shareholder gold, its brand works wonders. The
company could launch a new brand of laundry detergent, and we’d likely
clear grocery store shelves of the stuff. You can bet that Google’s
fans will jump at the chance to download a Google-branded browser, so
they can check their Gmail, look-up their Google Maps, and search for
laundry detergent on Google.com.

It’s our infatuation with the Google brand, more than the technology
inside, that will boost Chrome’s market share and further extend Google
in our daily Web activities. As for being a Windows or Internet
Explorer killer, don’t count on it.

Source: Business Week