Google Chrome Cookie Verification Denial of Service Vulnerability

vendor:

Chrome

by:

SecurityFocus

7,8

CVSS

HIGH

Denial of Service

CWE

Product Name: Chrome

Affected Version From: Chromium 25.0.1364.160

Affected Version To: Chromium 25.0.1364.160

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Google Chrome Cookie Verification Denial of Service Vulnerability

Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58857/info

Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input.

Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.

Chromium 25.0.1364.160 is vulnerable; other versions may also be affected.

Note: The content related to Mozilla Firefox Browser has been moved to BID 62969 (Mozilla Firefox Browser Cookie Verification Denial of Service Vulnerability) for better documentation. 

http://www.example.com/?utm_source=test&utm_medium=test&utm_campaign=te%05st