| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Sep 2008 01:37:47 +0800 From: "LIUDIEYU dot COM" <liudieyu.com@...il.com> To: "Aditya K Sood" <0kn0ck@...niche.org> Cc: bugtraq@...urityfocus.com, websecurity@...appsec.org Subject: Re: Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos. I'm also using Google Chrome. Another concern for me - its setup downloads: http://cache.pack.google.com/chrome/install/149.30/chrome_installer.exe which is not signed by authenticode. Can anyone post hashes of this file downloaded over a trusted network? Or, is this info available at some trusted sources? Thanks in advance, On 9/24/08, Aditya K Sood <0kn0ck@...niche.org> wrote: > > *Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.* > > *Version Affected:* > Chrome/0.2.149.30 > Chrome/0.2.149.29 > > *Severity:* > High > > *Description:* > The Google chrome browser is vulnerable to memory exhaustion based > denial of > service which can be triggered remotely.The vulnerability triggers when > Carriage > Return(\r\n\r\n) is passed as an argument to window.open() function. It > makes the > Google Chrome to generate number of windows at the same time thereby > leading > to memory exhaustion. The behavior can be easily checked by looking at > the task > manager as with no time the memory usage rises high. The problem lies in > the handling > of object and its value returned by the javascript function. Once it is > triggered the pop > ups are started generating. The Google Chrome browser generate object > windows continuously > there by affecting memory of the resultant system. Probably it can be > crashed within no time. > User interaction is required in this. > > *Proof of Concept* > http://www.secniche.org/gds > > *Links:* > http://secniche.org/gcrds.html > http://evilfingers.com/advisory/Google_Chrome_Carriage_Return_Null_Object_Memory_Exhaustion_Remote_Dos.php > > *Detection:* > SecNiche confirmed this vulnerability affects Google Chrome on Microsoft > Windows XP SP2 platform.The versions tested are: > > Chrome/0.2.149.30 > Chrome/0.2.149.291 > > *Disclosure Timeline:* > Disclosed: 22 September 2008 > Release Date. September 24 ,2008 > > *Vendor Response:* > Google acknowledges this vulnerability and "fix" will be released soon. > > *Credit:* > Aditya K Sood > > *Disclaimer* > The information in the advisory is believed to be accurate at the time > of publishing based on > currently available information. Use of the information constitutes > acceptance for use in an > AS IS condition. There is no representation or warranties, either > express or implied by or with > respect to anything in this document, and shall not be liable for a ny > implied warranties of > merchantability or fitness for a particular purpose or for any indirect > special or consequential > damages. >
Powered by blists - more mailing lists