I am currently trying to set up a proper build environment for Google Chrome, so that I can test some crashes in more detail.

It seems amazing that a brief line of JavaScript code is able to completely freeze the Chrome process and all its threads, but I am guessing it is a synchronization issue when talking to the Win32 API.

More details should follow if I finally get Chrome building locally; otherwise I’ll consider just posting some reproducible test cases and letting somebody else look into exploiting it.

It’s part of the screen update process and also freezes the Sandbox broker process, so with some luck this should be running outside the Chrome sandbox :)