
Re: Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.



I'm also using Google Chrome.

Another concern for me - its setup downloads:
http://cache.pack.google.com/chrome/install/149.30/chrome_installer.exe
which is not signed by Authenticode.

Can anyone post hashes of this file downloaded over a trusted network?
Or, is this info available at some trusted sources?

Thanks in advance,


On 9/24/08, Aditya K Sood <0kn0ck@xxxxxxxxxxxx> wrote:
>
> *Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.*
>
> *Version Affected:*
> Chrome/0.2.149.30
> Chrome/0.2.149.29
>
> *Severity:*
> High
>
> *Description:*
> The Google Chrome browser is vulnerable to a memory-exhaustion-based
> denial of service which can be triggered remotely. The vulnerability
> triggers when a Carriage Return (\r\n\r\n) is passed as an argument to
> the window.open() function. It makes Google Chrome generate a number of
> windows at the same time, thereby leading to memory exhaustion. The
> behavior can be easily checked by looking at the task manager, as in no
> time the memory usage rises high. The problem lies in the handling of
> the object and its value returned by the JavaScript function. Once it is
> triggered, the pop-ups start generating. The Google Chrome browser
> generates object windows continuously, thereby affecting the memory of
> the resultant system. Probably it can be crashed within no time.
> User interaction is required in this.
>
> *Proof of Concept*
> http://www.secniche.org/gds
>
> *Links:*
> http://secniche.org/gcrds.html
> http://evilfingers.com/advisory/Google_Chrome_Carriage_Return_Null_Object_Memory_Exhaustion_Remote_Dos.php
>
> *Detection:*
> SecNiche confirmed this vulnerability affects Google Chrome on the
> Microsoft Windows XP SP2 platform. The versions tested are:
>
> Chrome/0.2.149.30
> Chrome/0.2.149.291
>
> *Disclosure Timeline:*
> Disclosed: 22 September 2008
> Release Date: September 24, 2008
>
> *Vendor Response:*
> Google acknowledges this vulnerability and a "fix" will be released soon.
>
> *Credit:*
> Aditya K Sood
>
> *Disclaimer*
> The information in the advisory is believed to be accurate at the time
> of publishing based on currently available information. Use of the
> information constitutes acceptance for use in an AS IS condition. There
> are no representations or warranties, either express or implied, by or
> with respect to anything in this document, and shall not be liable for
> any implied warranties of merchantability or fitness for a particular
> purpose or for any indirect, special or consequential damages.
>
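The concern raised at the top of the thread (an installer that is not Authenticode-signed, and wanting a hash obtained over a trusted path) can be checked mechanically before running anything. The following Python is an added example for this thread, not code from the original post or from Google. It parses only the PE data directory to tell whether a WIN_CERTIFICATE blob is attached (the thing "not signed by Authenticode" means in practice) and pins the file's SHA-256 in a constant-time compare. The PE images it checks are constructed in memory so it runs offline; the chrome_installer.exe URL above is not fetched. Presence of a certificate table is not a valid signature: the PKCS#7 blob and chain still need verifying with signtool or osslsigncode.

```python
"""Pre-install checks for a downloaded installer: is the PE Authenticode-signed,
and does its SHA-256 match a digest obtained over a trusted path?

Added example for this thread; not code from the original post or from Google.
The PE images below are constructed in memory so the script runs offline.
"""
import hashlib
import hmac
import struct

# Offsets and magics from the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot of the Certificate Table
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authenticode_present(data: bytes) -> bool:
    """True if the Certificate Table directory points at an attached blob.

    Detects only that a WIN_CERTIFICATE structure is attached. It does NOT
    validate the PKCS#7 signature or the certificate chain; use signtool
    (Windows) or osslsigncode for that.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20              # skip "PE\0\0" and IMAGE_FILE_HEADER
    if len(data) < opt + 2:
        raise ValueError("truncated PE headers")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        num_rva_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_rva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if len(data) < dd_off:
        raise ValueError("truncated optional header")
    num_rva = struct.unpack_from("<I", data, num_rva_off)[0]
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False                     # no security slot at all
    entry_off = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if len(data) < entry_off + 8:
        raise ValueError("truncated data directories")
    # For the security directory the first field is a *file offset*, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, entry_off)
    return cert_off != 0 and cert_size >= 8 and cert_off + cert_size <= len(data)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_pinned_hash(data: bytes, pinned_sha256_hex: str) -> bool:
    """Constant-time compare of the file's SHA-256 against a pinned digest."""
    return hmac.compare_digest(sha256_hex(data), pinned_sha256_hex.strip().lower())


def check_installer(data: bytes, pinned_sha256_hex: str) -> dict:
    return {
        "sha256": sha256_hex(data),
        "hash_matches_pin": matches_pinned_hash(data, pinned_sha256_hex),
        "authenticode_present": authenticode_present(data),
    }


def build_fake_pe32(signed: bool) -> bytes:
    """Constructed headers-only PE32 image for the demo (not a real installer)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                 # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(file_hdr) + len(opt)
    cert = b""
    if signed:
        der = b"\x30\x02\x05\x00"                         # placeholder DER, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(der), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + der
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + cert


if __name__ == "__main__":
    # For a real download: data = open("chrome_installer.exe", "rb").read()
    unsigned = build_fake_pe32(signed=False)
    signed = build_fake_pe32(signed=True)
    pin = sha256_hex(unsigned)   # stands in for a digest posted from a trusted network
    for name, blob in (("unsigned", unsigned), ("signed", signed)):
        print(name, check_installer(blob, pin))
```

Run it on a real file by reading the installer into `data` and passing the digest someone posted from a trusted network as the pin; an unsigned file with a matching pin still only tells you the bytes are the same ones the poster saw, not that Google produced them.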