Bugtraq mailing list archives
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit
From: Mike Duncan <Mike.Duncan () noaa gov>
Date: Tue, 09 Sep 2008 14:16:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yeah, when you do that, it is generating a tool-tip to display. Additionally, the large number of iterations this script must run through may cause a crash due to resource exhaustion. Have you tested further to see what values actually produce the results or are we going on the assumption that is a very large number? Mike Duncan ISSO, Application Security Specialist Government Contractor with STG, Inc. NOAA :: National Climatic Data Center mike.duncan () noaa gov Rotem Kerner wrote: | this successfully freezed my chrome on both Vista & XP platforms | dont move your mouse for a sec while its laying on the white background | and it should freeze. | | Exodus. | | http://www.blackhat.org.il | "imagination is more importan than knowledge" |> I could not duplicate this with either Chrome v0.2.149.29. I think |> this problem was now solved. |> |> -- |> _Wellington Wagner F. Sarmento |> |> "Where is the wisdom we have lost in knowledge? |> Where is the knowledge we have lost in information?" |> T.S. Eliot |> |> |>> a vulnerability was found which allow a remote attacker to freeze the |>> users |>> browser |>> by convincing him to visit a malicious web page |>> |>> Chrome(0.2.149.27) Denial of Service(Freeze) exploit poc: |>> http://www.blackhat.org.il/exploits/chrome-freeze-exploit.html |>> |>> Exodus. |>> |>> |>> |>> |>> |> -- |> _Wellington Wagner F. Sarmento |> "Where is the wisdom we have lost in knowledge? |> Where is the knowledge we have lost in information?" |> T.S. Eliot |> |> |> |> | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIxr19nvIkv6fg9hYRArtYAJ9XNmuZqbUXzw4/6Wa5Q1h8eR2jNwCdHKNh ixXVtaTQr1dM/hyWwLNSWQc= =2SJC -----END PGP SIGNATURE-----
Current thread:
- Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Rotem Kerner (Sep 08)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Mike Duncan (Sep 08)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Wellington Wagner F. Sarmento (Sep 08)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Rotem Kerner (Sep 09)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Mike Duncan (Sep 09)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Rotem Kerner (Sep 09)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Razi Shaban (Sep 09)
- <Possible follow-ups>
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit a (Sep 08)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit gynvael (Sep 09)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Razi Shaban (Sep 09)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Julien Stuby (Sep 10)
- Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Razi Shaban (Sep 09)