Issue metadata
Sign in to add a comment
|
Security: OOB Vulnerability in Chrome on Windows
Reported by
psvitais...@gmail.com,
Aug 30 2017
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS What is Up i found a OOB Vulnerability in Chrome on Windows It is javescrpit VERSION Chrome Version: [60.0.3112.113] + [stable] Operating System: [Windows 10, 64bit] Links: https://ghostbin.com/paste/yx5y6 If the link does not work here is a copy of the code: var i = 0; for(i = 0; i < getComputedStyle(document.body).length; i++){ document.body.innerText+=getComputedStyle(document.body)[i]+"\n"; for(var x = 0; x < getComputedStyle(document.body)[i].length; i++) { document.body.innerText+=getComputedStyle(document.body)[i][x];/*OOB read*/ } } //Rudie Lamprecht email me at psvitaissoocool@gmail.com if u need my paypal is is psvitaissoocool@gmail.com Got a lot more bugs
,
Aug 30 2017
Can you explain why you think this is an out of bounds read?
This script starts by writing out the first CSS property of the body ("animation-delay").
It then loops, emitting the first letter of each subsequent CSS property until it reaches either 'caret-color' or 'line-break' (depending on Chrome version), after which it throws a script error:
"Uncaught TypeError: Cannot read property 'length' of undefined"
,
Sep 6 2017
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=5466317225459712.
,
Sep 6 2017
CF can't repro this.
,
Dec 14 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by psvitais...@gmail.com
, Aug 30 2017