BID:31071

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

Info

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

Bugtraq ID:	31071
Class:	Boundary Condition Error
CVE:	CVE-2008-6998
Remote:	Yes
Local:	No
Published:	Sep 05 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Shinnok
Vulnerable:	Google Chrome 0.2.149 .27

Not Vulnerable:	Google Chrome 0.2.149 .29

Discussion

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

Google Chrome is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in a denial-of-service condition.

Google Chrome 0.2.149.27 is vulnerable.

Exploit / POC

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

The following proof of concept is available:

/data/vulnerabilities/exploits/31034.html

Solution / Fix

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

Solution:
The vendor has addressed this issue in Chrome 0.2.149.29. Please see the references for more information.

Google Chrome 0.2.149 .27

Google issue259_1_2.diff
http://codereview.chromium.org/download/issue259_1_2.diff

References

Google Chrome 'url_elider.cc' Buffer Overflow Vulnerability

References:

Google Chrome Homepage (Google)
Google Chrome version 0.2.149.29 (Google)
Unified Diff: chrome/common/gfx/url_elider.cc (Google)