Google Chrome Malformed 'title' Tag Remote Denial of Service Vulnerability

Bugtraq ID:	30975
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2008-7061
Remote:	Yes
Local:	No
Published:	Sep 02 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Exodus
Vulnerable:	Google Chrome 0.2.149 .27
Not Vulnerable:	Google Chrome 0.2.149 .30

Google Chrome Malformed 'title' Tag Remote Denial of Service Vulnerability

Google Chrome is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Attackers can exploit this issue to make the application unresponsive, denying service to legitimate users.

Google Chrome 0.2.149.27 is vulnerable; other versions may also be affected.

NOTE: Reports indicate that this issue may not be exploitable as described and may depend on a particular WebKit configuration.

Google Chrome Malformed 'title' Tag Remote Denial of Service Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/30975.html

Google Chrome Malformed 'title' Tag Remote Denial of Service Vulnerability

Solution:
The vendor has addressed this issue in Chrome 0.2.149.30. Please see the references for more information.

Google Chrome Malformed 'title' Tag Remote Denial of Service Vulnerability

References:

• Beta release: 0.2.149.30 (Google)
  
• Google Chrome Homepage (Google)
  
• Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit (Rotem Kerner )
  
• Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit ([email protected])
  
• Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit (Mike Duncan )
  
• Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit ("Razi Shaban" )