IssueTracker

Report description

Possible buffer overflow with using %Z symbols

Bug location

Where do you want to report your vulnerability?

Chrome VRP – Report security issues affecting the Chrome browser. See program rules

Which URL (or repository) have you found the vulnerability in?

chrome://settings/?search=

The problem

Please describe the technical details of the vulnerability

When using a large number of %Z characters during search, the program takes a lot of RAM of the processor and also the disk As far as I know, %Z characters are sometimes processed incorrectly if there is no verification logic, then crashes and resource overflows are possible. I had a problem when I started making tabs, there were only these settings and I entered a lot of %Z characters, the program initially took 80 MB, then higher to 170 and 300 and even 400 and at the same time ate a little disk, that is, somewhere, sometimes it was 1.7 MB, I have an SSD disk As a POM, you should generally limit the use of such characters in general or optimize their operation. Also, when conducting such tests, I used Windows 10 and, so to speak, the browser worked in the task manager, that is, without any errors, but the browser itself froze and I had to forcibly close it

video https://drive.google.com/file/d/1424PECbMvBZ1dbxVSvpA-rLvlQiD_1op/view?usp=sharing

Impact analysis – Please briefly explain who can exploit the vulnerability, and what they gain when doing so

The possible vulnerability described can be exploited by any user who is able to input a large number of %Z characters during a search operation

The cause

What version of Chrome have you found the security issue in?

135.0.7049.42 stable

Is the security issue related to a crash?

Yes, it is related to a crash.

Choose the type of vulnerability

Memory Corruption

How would you like to be publicly acknowledged for your report?

idk just maybe my name and surname at all