Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I could not duplicate this with either Chrome or Safari (which also uses
WebKit). I am using WinXP SP3 and Chrome v0.2.149.27 build 1538. I
wonder if this is instead an issue with your Windows installation
rendering the tool-tip for the title (which is default with browsers
using WebKit).

I tried varying values all the way up to 2147483647. Of course, the
script running these high values would take a long time to complete the
loop -- but that is to be expected.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
mike.duncan@xxxxxxxx

Rotem Kerner wrote:
| A vulnerability was found which allows a remote attacker to freeze the
| user's browser
| by convincing him to visit a malicious web page
|
| Chrome(0.2.149.27) Denial of Service(Freeze) exploit poc:
| http://www.blackhat.org.il/exploits/chrome-freeze-exploit.html
|
| Exodus.
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD4DBQFIxWRHnvIkv6fg9hYRAnUqAJdM1yO2L0MoUJcM8rbKCjkHQ1EzAKCQZaEh
OhKfgPnoocKhaz/ILWRBxw==
=18Pq
-----END PGP SIGNATURE-----