CVE-2008-6995

Name of the Vulnerable Software and Affected Versions Google Chrome version 0.2.149.27

Description The issue is caused by an integer underflow in the net/base/escape.cc file of chrome.dll, allowing remote attackers to cause a denial of service, resulting in a browser crash. This can be triggered by a URI with an invalid handler followed by a "%" (percent) character, leading to a buffer over-read. An example of such a URI is "about:%".

Recommendations For Google Chrome version 0.2.149.27, consider avoiding the use of URIs with an invalid handler followed by a "%" (percent) character until a fix is available. As a temporary workaround, restrict access to potentially vulnerable URI handlers to minimize the risk of exploitation.