Thursday, September 25, 2008

Google Chrome Carriage Return Null Object Memory Exhaustion Remote DoS

Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service

Proof of Concept
Note:: Keep an eye on the memory consumption in Task Manager.

This POC has been designed with minimum object usage. This can be made more critical when combined with number of objects. For Example: using alert function will make it more exhaustive.

Aditya K Sood (c) SecNiche Security.

Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13

---------------------------------------

http://www.milw0rm.com/exploits/6554

No comments:

Post a Comment