Welcome to Google Chrome Plugins

Source of Plugins, Themes, Add-ons and information for the Google Chrome Web Browser!

Top Tip: Click here to Fix Windows Errors & Optimize Windows Performance

Chrome Memory Exhaustion DoS Vulnerability

by Chrome Blog on September 27, 2008

AdityaK Sood, from the EvilFingers community who disclosed the first Chrome DoS vulnerability at the beginning of the month, has released a proof of concept demonstrating a memory exhaustion DoS vulnerability affecting Google Chrome versions 0.2.149.30 and 0.2.149.29. He went on to state:

“The Google chrome browser is vulnerable to memory exhaustion based denial of service which can be triggered remotely.The vulnerability triggers when Carriage Return(\r\n\r\n) is passed as an argument to window.open() function. It makes the Google Chrome to generate number of windows at the same time thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager as with no time the memory usage rises high. The problem lies in the handling of object and its value returned by the javascript function. Once it is triggered the pop ups are started generating. The Google Chrome browser generate object windows continuously there by affecting memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this.”

Visiting a Vulnerable web page can result in 100% resource usage on PC’s, resulting in the crashing of open applications and the loss of unsaved work.

Note:

Before visiting the proof of concept page, ensure you do not have any unsaved work. The concept page is not malicious, but it will elevate your PC’s resource usage. It’s designed to “not” be too aggressive or to crash your running application but will highlight the issue.

Visit: Proof of Concept

Credit to: Aditya K Sood of SecNiche Security for the discovery.

{ 6 comments… read them below or add one }

1 Erik 09.27.08 at 9:58 pm

i didn’t notice any sort of increase in the cpu usage history when i navigated to the page

2 glenndorsey 09.28.08 at 12:12 am

My pc almost crashed just on the test page. Makes me wonder was a malicious application of this Chrome bug would do. Any word on a Chrome patch for this problem?

3 Aditya K Sood 09.30.08 at 2:17 am

Fixed in r2654. Guys check this one , tea team stated this to be fixed in this release

4 Chrome Blog 09.30.08 at 3:04 am

Good news, thanks Aditya and keep up with the great work over at SecNiche.org and EvilFingers.com with the discoveries.

5 television sets 03.25.12 at 3:35 am

You’ve made some decent factors there. I looked on the web with the issue and located many people will escort as well as your website.

6 elektrische step te koop 04.04.12 at 10:13 pm

I came below to learn about an item absolutely diverse than what I would certainly. I appreciate to absorb as much new details because achievable, it becomes the leading component relating to daily life. People include a site also, click on the connect to come on by way of and observe the things we are getting into.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

Buzzify Networks

Google Chrome and Google™ is a Trademark of Google Inc - Google Chrome. - Sitemap - Privacy Policy - SEO Enhanced
This site chromeplugins.org is not affiliated with or sponsored by Google Inc.
Coming Soon Chrome Themes and Chrome Extensions