New DOM Flaw Can Crash IE, Other Major Browsers

From The H Security

The Luxembourg security specialists G-SEC have published details of a vulnerability in the majority of browsers which will either crash the browser or consume so much memory that it makes the computer virtually unusable. The trick is simple. Using JavaScript’s DOM (Document Object Model), create a selection menu on the web page; a select element. Then assign to that select element’s length attribute a very high value, as a result there is a continuous allocation of memory. The length attribute specifies the number of menu items the select element should contain, and according to the specification (and common sense) should be read only, but in many cases, it is writeable. Read the full story [The H Security].

Google closes vulnerabilities in Chrome

From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story []

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.