CVE-2008-6994

Google Chrome 0.2.149.27 - Stack-Based Buffer Overflow via Long TITLE Element in SaveAs Feature

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6994. PoCs published by SVRT, WHK.

AI-analyzed exploit summary: The provided text describes a buffer overflow vulnerability in Google Chrome 0.2.149.27, where a stack-based overflow occurs when saving a webpage with an overly long title. The exploit requires user interaction to save the malicious page, leading to remote code execution.

Description

Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.

Exploits (2)

exploitdb · WRITEUP · VERIFIED
by SVRT · text · remote · windows
https://www.exploit-db.com/exploits/6367

The provided text describes a buffer overflow vulnerability in Google Chrome 0.2.149.27, where a stack-based overflow occurs when saving a webpage with an overly long title. The exploit requires user interaction to save the malicious page, leading to remote code execution.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Google Chrome 0.2.149.27
No auth needed
Prerequisites: User interaction to save the malicious webpage · Vietnamese language setting in Google Chrome
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by WHK · php · dos · windows
https://www.exploit-db.com/exploits/6365

This exploit is a proof-of-concept for a denial-of-service (DoS) vulnerability in Google Chrome 0.2.149.27. It triggers a crash by forcing the browser to handle an excessively long filename in a download header.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Google Chrome 0.2.149.27
No auth needed
Prerequisites: A web server to host the malicious PHP script · Victim must visit the crafted URL
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Issue Tracking x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=1414
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44939
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496042/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6367
Exploit x_refsource_misc
http://security.bkis.vn/?p=119
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31031
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6365
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/48259
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44935
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31029
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1020823

Scores

EPSS 0.1022
EPSS Percentile 95.1%

Details

CWE: CWE-119
Status: published
Products (1): google/chrome 0.2.149.27
Published: Aug 19, 2009
Tracked Since: Feb 18, 2026