Critical Vulnerability Information

Vulnerability Description

Opening the attached PDF document causes the renderer to crash due to an invalid read at (address such as 0xffffffff800acf66).

Version and Operating System

Chrome Version: 14.0.835.186 (stable, also includes beta and dev channels)
Operating System: Linux, Debian 6.0.2 (32-bit and 64-bit)

Reproduction Steps

Note: Sample originates from malware.

Use the command to open the PDF document.

Additional Vulnerability Details

The compressed JS portion in the file contains a large array, followed by some obfuscated code. Based on the crash location, it is suspected that the crash occurs during JS parsing or execution after decompression, but the stream has not yet been successfully decompressed to inspect what is happening. The original JS stream does not trigger this issue.

Crash Additional Information

Type: Table
Crash State: Program received SIGSEGV signal, segmentation fault.
Specific Location: At at 0x00007f7ffee977773
Related Location: /lib/libc.so.6

```
(gdb) x/3i $rip
0x7f7ee977773 : movzwl (%rax,%rdi,2),%eax
0x7f77ee977777 : and $0x8,%eax
0x7f77ee97777a : retq
```

GDB Register Information:

```
rax 0x7fff46bb6e20 140737483678
rbx 0x7fffffb6e60 140737488336608
rcx 0xe158
rdx 0x7fffffffe5f80 -128
rsi 0x7fffffff720 140737488336672
rdi 0x7fffffbe021b9d -1107158115
rbp 0x7fffffb720 0x7fffffb720
rsp 0x7fffffb338 0x7fffffb338
r8 0x8 8
r9 0x1010101010101010 72340172838076673
r10 0x39000000055 244813135957
r11 0x7f7ee9ca42a 140737196631082
```

This information provides reproduction steps, specific crash location, and related register values, aiding further analysis and remediation of the vulnerability.
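
The report says the compressed JS stream had not yet been decompressed for inspection. The following is an added example, not part of the original report: a tolerant inflater for PDF stream objects that keeps whatever decodes from a damaged stream. It assumes the stream uses the /FlateDecode filter, which the report does not state; the function names and the sample PDF are constructed for illustration.

```python
import re
import zlib

# One stream object: dictionary, then bytes up to "endstream" (triage scanner, not a full parser).
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)endstream", re.S)
SAMPLE_JS = b"var a = new Array(4096); /* constructed placeholder script */"


def inflate_tolerant(data):
    """Inflate zlib data in small chunks; return (output, complete) even if damaged."""
    d = zlib.decompressobj()
    out = b""
    try:
        for i in range(0, len(data), 64):
            out += d.decompress(data[i:i + 64])
            if d.eof:  # bytes after the end of the zlib stream are ignored
                break
        out += d.flush()
    except zlib.error:
        return out, False  # keep what decoded before the corrupt block
    return out, d.eof


def extract_flate_streams(pdf_bytes):
    """Yield (dictionary, inflated bytes, complete) for each /FlateDecode stream."""
    for m in STREAM_RE.finditer(pdf_bytes):
        dictionary, raw = m.group(1).strip(), m.group(2)
        if b"/FlateDecode" not in dictionary:
            continue
        out, complete = inflate_tolerant(raw)
        if not complete:
            # Retry without the end-of-line before "endstream" so it is not decoded as data.
            out, complete = inflate_tolerant(raw.rstrip(b"\r\n"))
        yield dictionary, out, complete


def build_sample():
    """Constructed input: one intact stream and one truncated to 30 bytes."""
    bodies = [zlib.compress(SAMPLE_JS), zlib.compress(SAMPLE_JS * 20)[:30]]
    pdf = b"%PDF-1.4\n"
    for n, body in enumerate(bodies, 1):
        head = b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\n" % (n, len(body))
        pdf += head + b"stream\n" + body + b"\nendstream\nendobj\n"
    return pdf + b"%%EOF\n"


if __name__ == "__main__":
    for dictionary, out, complete in extract_flate_streams(build_sample()):
        print(dictionary, "complete" if complete else "partial", out[:48])
```

A stream reported as partial still yields its decodable prefix, which is often enough to see the start of an embedded script without opening the file in a renderer.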