I have been able to make Google Chrome crash, and I was wondering if there are tools or heuristics to determine whether or not the crash is a security vulnerability.
How can I determine if a Chrome crash is also a security vulnerability?
Asked
Active
Viewed 398 times
3
-
I'd be interested in seeing a crashdump. Could you post a stack trace, or the dump file? – Polynomial Aug 01 '12 at 21:31
-
Where can I find the stack trace, or the dump file? – Randomblue Aug 01 '12 at 21:34
-
Not sure on OSX. Try a Google for "OSX chrome crash dump location" or something similar. – Polynomial Aug 02 '12 at 05:45
1 Answers
2
I suggest reading Best way to triage crashes found via fuzzing, on Linux?, which describes exactly how to do a first-pass triage at assessing the likelihood that the crash is also a security problem. Tools like !exploitable and Valgrind memcheck are your friend.
If it passes the first-level check, the next step is probably to report it to the Chrome folks and let them evaluate it in greater detail.
