CVE-2008-4340

Google Chrome 0.2.149.29 and 0.2.149.30 - Denial of Service via Window Open Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4340. PoCs published by Aditya K Sood.

AI-analyzed exploit summary This exploit leverages a memory exhaustion vulnerability in Google Chrome by repeatedly opening windows with carriage return and null characters, leading to a denial of service (DoS). The PoC is designed to demonstrate the issue with minimal object usage but can be amplified for greater impact.

Description

Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aditya K Sood · htmldoswindows

https://www.exploit-db.com/exploits/6554

View Code ZIP pw:eip

This exploit leverages a memory exhaustion vulnerability in Google Chrome by repeatedly opening windows with carriage return and null characters, leading to a denial of service (DoS). The PoC is designed to demonstrate the issue with minimal object usage but can be amplified for greater impact.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome versions 0.2.149.29 and 0.2.149.30

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK