Google Chrome 'IFRAME' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Google Chrome and is prone to Denial Of Service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Apllication

Solution

Upgrade to Google Chrome version 6.0 or later. For updates refer to http://www.google.com/chrome

Insight

The flaw is due to - Improper handling of an 'IFRAME' element with a mailto: URL in its 'SRC' attribute, which allows remote attackers to consume resources via an HTML document with many 'IFRAME' elements. - JavaScript code, containing an infinite loop which creates 'IFRAME' elements for invalid 'news:// URIs'.

Affected

Google Chrome version 1.0.154.48 and prior.

References

http://websecurity.com.ua/4206/
http://websecurity.com.ua/4238/
http://www.securityfocus.com/archive/1/archive/1/511327/100/0/threaded

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1992, CVE-2010-2120

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
BadBlue invalid GET DoS
Denial Of Service Vulnerability in PHP April-09
ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities