Bugtraq mailing list archives
Re: DoS vulnerability in Google Chrome
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 25 Aug 2009 19:07:49 +0300
Hello MaXe!

Thanks for the information. It's interesting why your Firefox 3.5.2 is vulnerable, because on my computer only Chrome was vulnerable, and not Firefox 3.0.13 and other browsers (Mozilla, IE6 and Opera). Yes, I have Chrome installed on the same system and it does not affect other browsers (not in the case of this DoS hole, nor in the case of other holes which I found).

Besides, which exploit works in Firefox 3.5.2 in your case? Maybe it's a hole in Firefox 3.5.x. Then it'll be better for you to check it on a system with Firefox, but without Chrome.

If it's a Cross-Application DoS (http://websecurity.com.ua/2600/, which you can read in English at http://translate.google.com/translate?hl=en&ie=UTF-8&u=http://websecurity.com.ua/2600/&sl=uk&tl=en), and Firefox 3.5.2 is affected via Chrome (you must test it by running the exploit in Firefox 3.5.2 on systems with and without Chrome installed), then there are things which we need to know: which browsers (Firefox 3.5.x and others) are affected, and which versions of Chrome lead to this issue.

Besides, as I was informed recently, Google Chrome 1.0.154.65 is also vulnerable.

P.S. Different people have different signatures ;-). It's like: show me your signature and I'll tell you who you are.

Best wishes & regards,
Eugene Dokukin aka MustLive
Security auditor and security researcher
http://websecurity.com.ua

----- Original Message -----
From: <advisories () intern0t net>
To: <bugtraq () securityfocus com>; <mustlive () websecurity com ua>
Sent: Tuesday, August 25, 2009 10:03 AM
Subject: RE: DoS vulnerability in Google Chrome

Hi MustLive,

I can confirm that this consumed most resources in Firefox 3.5.2 as well. I have the newest Google Chrome browser installed which might explain why.

Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/

PS: The extra long signature doesn't make a difference :-D

Hello Bugtraq!

I want to warn you about a Denial of Service vulnerability in Google Chrome. I found this vulnerability back on 26.12.2008. The attack belongs to the blocking DoS and DoS via resource consumption types (http://websecurity.com.ua/2550/).

DoS:

http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit.html
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html

With the first exploit Chrome blocks. With the second exploit Chrome blocks and also consumes CPU resources.

The vulnerable version is Google Chrome 1.0.154.48 and previous versions (and potentially later versions too).

I mentioned this vulnerability on my site (http://websecurity.com.ua/3435/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua