Google Chrome is the browser by Google. We found a Chrome bug that is so simple that every browser should’ve already been protected from it, but neither Firefox nor Chrome was. We also attacked other platforms and used the attack to crash our peer reviewer’s phone. We found a way to crash the Chrome and Firefox browsers by putting in 500 thousand lines of URLs, which would remotely crash the other user’s system, wipe all the sites they were on from restoring, etc. An example would be https://planetzuda.com/test/http://planetzuda.com/test/ and repeat. The bug was far harder to exploit on Chrome than it was on Firefox since, to Google’s credit or Chromium’s, they had better protection than Firefox had against this attack.
The way it worked was taking the URL above and then manually copying it, or using a Python script to automatically copy it thousands of times, and then sending it to the browser. We contacted our peer reviewer and tested it against him.
We were in the process of seeing if we could get leaked memory and go to RCE, but Google likes reports as soon as you know of an issue, so we reported it to Google Chrome per their bounty program. The bug quickly got marked won’t fix; another member marked it needs more feedback afterwards, but once you mark a bug won’t fix, you have no interest in engaging with the submitter. Never underestimate the person submitting the bug. If you don’t get the bug, that’s fine, but don’t assume what it is, which is exactly what they did. So if the bug was no big deal, which is the way they acted on January 16th, why is it patched? Also, how did Firefox get the patch when we didn’t submit it to them? These are questions we want answers to. We are asking Google to pay for the bug, since they found it to be of enough value to quickly patch it, and it appears they also passed the info along to Firefox without our permission, which is problematic as we were never credited for the bug by Firefox.
We will update this if Google responds to our requests, but from here on out we are going to publicly disclose bugs.