New issue
Advanced search Search tips

Issue 593190 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Complete Crash + Complete DoS on Chrome OS.

Reported by pabster...@gmail.com, Mar 9 2016

Issue description

This template is ONLY for reporting security bugs. Please use a different
template for other types of bug reports.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
Using a bit of python coding combined with sockets, it is possible to send around 351 MB PER SECOND, that is enough to DoS most crappy websites and most routers, make it DDoS, and you can DDoS mostly any website. On Chrome OS the computer just freezes and starts having an enormous lagging problem, I had to stop Python because I was afraid it could've done permanent damage.

VERSION
Chrome Version: Newest
Operating System: Macintosh And Chrome OS
REPRODUCTION CASE
Attached Python file on the bottom, a screenshot of the 351 MB Per Second is also attached. Most of the python file is just me playing around with variables ;), the DoS effect is as you can imagine of 351 MB per second, mostly the computer lags a lot and it was hard for me to take the screenshot ;) on Macintosh, on Chrome OS straight out DoS.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: Tab
Crash ID b9437b3400000000 (add47346-2649-43b5-a984-89d5f8de5cfc)

Hope it Helps ;)

 
remotedos.py
1.1 KB View Download
351 mbps.png
9.1 KB View Download
You should actually apply a limit for data a socket stream can send to the client, probably disable infinite loops ??  Run the python file and goto localhost:8890   wait maybe 4-6 seconds for it. Maybe changing hey to something else could make it more plausible and the victim would stay on the website;)
CPU load on victim computer went down to around 7,49% idle, which is a LOT. Screenshot is attached.
Screen Shot 2016-03-08 at 20.29.55.png
11.0 KB View Download
Status: WontFix (was: Unconfirmed)
Denial of service is not considered a security vulnerability in Chrome threat model. Closing.
Still you're not fixing? It's a crash too, it can even crash the whole of chrome because it says that there is not enough space to open applications, even though I had 6GB free space. Still fix.
Project Member

Comment 6 by sheriffbot@chromium.org, Jun 17 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 8 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment