Vulnerabilities in Chrome
Although Google’s new browser, Chrome, is still in beta, a vulnerability was discovered just hours after its release. Researcher Aviv Raff found that he could combine two vulnerabilities to trick users into launching executable files directly from the browser window: a flaw in Apple Safari’s WebKit engine, which Chrome also uses, and a Java bug. In a demo, a Google Chrome user can be lured into downloading and launching a JAR (Java ARchive) file, which then runs without any warning. With some clever social engineering, an attacker can plant malware on a Windows desktop in just two mouse clicks.
A second vulnerability causes Chrome to crash. A working demo is available at
http://evilfingers.com/advisory/google_chrome_poc.php
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how Chrome handles undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction: when a user is made to visit a malicious link containing an undefined handler followed by a ’special’ character, Chrome crashes with the message window "Whoa! Google Chrome has crashed. Restart now?". The crash occurs on an "int 3" instruction at 0x01002FF3, raised as an exception/trap, followed by the "POP EBP" instruction at 0x01002FF4 that the EIP register then points to.
Proof of Concept:
http://evilfingers.com/advisory/google_chrome_poc.php
Credit:
Rishi Narang
www.greyhat.in
www.evilfingers.com