Google Chrome ‘SaveAs’ Function Buffer Overflow Vulnerability
Proof of Concept:
Google Chrome 0.2.149.27 on Windows XP SP2 (opens Calculator):
http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html
On Windows versions other than XP SP2:
http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html
Details:
· Type of Issue : Buffer Overflow.
· Affected Software : Google Chrome 0.2.149.27.
· Exploitation Environment : Google Chrome on Windows XP SP2.
· Impact: Remote code execution.
· Rating : Critical.
· Description :
The vulnerability is caused by a boundary error in the handling of the
"SaveAs" function. When a user saves a malicious page with an overly long title
(<title> tag in HTML), the program suffers a stack-based buffer overflow, which
makes it possible for attackers to execute arbitrary code on users’ systems.
· How an attacker could exploit the issue :
To exploit the vulnerability, an attacker might construct a specially crafted
Web page that contains malicious code. He then tricks users into visiting
the website and convinces them to save the page. Right after that, the code
would be executed, giving him the ability to make use of the affected
system.
· Discoverer : Le Duc Anh – SVRT – Bkis
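
The boundary error in the description, seen from the fix side: an added C example (not Chrome's code and not part of the advisory) that derives a "Save As" file name from an untrusted page title while enforcing the destination buffer size. The function name, the 64-character cap and the ".htm" extension are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 64   /* assumed cap on the title part of the name */

/* Control characters and characters Windows rejects in file names. */
static int is_forbidden(char c) {
    return (unsigned char)c < 0x20 || strchr("<>:\"/\\|?*", c) != NULL;
}

/*
 * Build a file name suggestion from an untrusted <title> string.
 * Never writes more than dst_size bytes (terminator included) into dst.
 * Returns 0 if the whole title fit, 1 if it was truncated, -1 on bad arguments.
 */
int suggest_filename(char *dst, size_t dst_size, const char *title) {
    static const char ext[] = ".htm";
    size_t ext_len = sizeof(ext) - 1;
    size_t room, n = 0;
    int truncated = 0;

    /* Need space for at least one name character, the extension and NUL. */
    if (dst == NULL || title == NULL || dst_size < ext_len + 2)
        return -1;
    room = dst_size - ext_len - 1;          /* bytes left for the title part */
    if (room > NAME_MAX_CHARS)
        room = NAME_MAX_CHARS;

    for (; *title != '\0'; title++) {
        if (n == room) { truncated = 1; break; }   /* stop at the boundary */
        dst[n++] = is_forbidden(*title) ? '_' : *title;
    }
    if (n == 0)
        dst[n++] = '_';                     /* empty title: placeholder name */
    memcpy(dst + n, ext, ext_len + 1);      /* extension plus terminator */
    return truncated;
}

int main(void) {
    char name[32];
    char title[4096];                       /* constructed oversized title */
    memset(title, 'A', sizeof(title) - 1);
    title[sizeof(title) - 1] = '\0';
    int rc = suggest_filename(name, sizeof(name), title);
    printf("truncated=%d name=%s\n", rc, name);
    return 0;
}
```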














