lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Aug 2009 03:03:00 -0400
From: advisories@...ern0t.net
To: <mustlive@...security.com.ua>
Subject: RE: DoS vulnerability in Google Chrome

Hi MustLive,


I can confirm that this consumed most ressources in FireFox 3.5.2 as well.
I have the newest Google Chrome browser installed which might explain why.


Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/

PS: The extra long signature doesn't make a difference :-D


Hello Bugtraq!

I want to warn you about Denial of Service vulnerability in Google Chrome.

This vulnerability I found already at 26.12.2008. Attack belongs to type of 
blocking DoS and DoS via resources consumption 
(http://websecurity.com.ua/2550/).

DoS:

http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit.html

http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html

With the first exploit Chrome blocks. With the second exploit Chrome blocks, 
at that consumes CPU resources.

Vulnerable version is Google Chrome 1.0.154.48 and previous versions (and 
potentially next versions too).

I mentioned about this vulnerability at my site 
(http://websecurity.com.ua/3435/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ