CVE-2008-7061

EPSS 4.3%

The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/32311unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://googlechromereleases.blogspot.com/2008/09/beta-release-0214930.html https://exchange.xforce.ibmcloud.com/vulnerabilities/45039 http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/render_widget_host_hwnd.cc?r1=1287&r2=2042&pathrev=2042 http://src.chromium.org/viewvc/chrome/trunk/src/chrome/views/tooltip_manager.cc?r1=1287&r2=2042&pathrev=2042 http://src.chromium.org/viewvc/chrome?view=rev&revision=2042 http://www.blackhat.org.il/exploits/chrome-freeze-exploit.html http://www.securityfocus.com/archive/1/496078/100/0/threaded http://www.securityfocus.com/archive/1/496094/100/0/threaded http://www.securityfocus.com/archive/1/496101/100/0/threaded http://www.securityfocus.com/archive/1/496126/100/0/threaded http://www.securityfocus.com/archive/1/496138/100/0/threaded http://www.securityfocus.com/archive/1/496145/100/0/threaded