EIP-2026-115352

PRE-CVE

Google Chrome 4.1 - Out-of-Bounds Array Indexing

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115352. PoCs published by Tobias Klein.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Google Chrome <= 4.1.249.1042 due to an out-of-bounds array indexing bug in the FTP PWD command handling. The PoC involves a malicious FTP server that sends a crafted response to trigger the crash.

Description

Google Chrome 4.1 - Out-of-Bounds Array Indexing

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tobias Klein · textdoswindows

https://www.exploit-db.com/exploits/12011

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Google Chrome <= 4.1.249.1042 due to an out-of-bounds array indexing bug in the FTP PWD command handling. The PoC involves a malicious FTP server that sends a crafted response to trigger the crash.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome <= 4.1.249.1042

No auth needed

Prerequisites: Victim must visit a specially-crafted web page with an iframe pointing to a malicious FTP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026