Google Chrome “input type=file” Based Memory Corruption Bug PoC.
Tested on version: 1.0.154.36
By: Atul Alex Cherian (atul.alex [at] orchidseven.com)
Google Chrome crashes completely with an “Access Violation” exception if the user
right-clicks any file in the “Open File” dialog twice, whether in the same tab or
in different tabs. If you select a file once, right-click it and choose any context-menu
option, then click either “Open” or “Cancel”, and then repeat the same sequence, memory
corruption occurs and the entire browser, including all of its tabs, crashes.
How to test this PoC:
1] Save the code below as an HTML file and open it in Google Chrome.
2] Click the first “Choose File”, select any folder or file, right-click it and select
“Properties”. Then cancel the “Open” dialog box.
3] Click the second “Choose File”, select any folder or file, and simply right-click it
to see Google Chrome crash with an “Access Violation”.
——————————————————————
PoC Html file:
——————————————————————
<html>
<body>
<!-- Two file inputs: step 2 uses the first one, step 3 the second one -->
<form name="form1">
<input type="file" name="aodrulez1">
<input type="file" name="aodrulez2">
</form>
</body>
</html>