High severityNVD Advisory· Published Dec 17, 2018· Updated Aug 5, 2024
CVE-2017-18353
CVE-2017-18353
Description
Rendertron 1.0.0 exposes an unauthenticated GET endpoint that shuts down the core Chrome rendering instance, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Rendertron 1.0.0 exposes an unauthenticated GET endpoint that shuts down the core Chrome rendering instance, causing denial of service.
Vulnerability
Rendertron version 1.0.0 includes a debug route at /_ah/stop that immediately terminates the Chrome instance responsible for serving all rendering requests [1]. The endpoint requires no authentication or special headers and responds to a simple GET request. The project is now deprecated and no longer maintained [1].
Exploitation
An unauthenticated remote attacker can send a GET request to /_ah/stop on the Rendertron server [2]. No user interaction, special network position, or prior access is required. The request triggers a shutdown of the headless Chrome process, and there is no rate-limiting or IP-based restriction to prevent repeated exploitation [1].
Impact
Successful exploitation completely disables the core rendering service of the application [1][2]. All legitimate render requests to any URL will fail until the Chrome instance is manually restarted. This constitutes a denial-of-service (DoS) condition affecting the availability of the service. No data confidentiality or integrity is directly compromised, but the service is rendered entirely non-functional.
Mitigation
The Rendertron project is deprecated and not actively maintained [1]. No official patch was ever released for this vulnerability. A pull request (#88) attempted to fix the issue by adding validation and reducing the exposed surface, but it was never merged [4]. The only reliable mitigation is to upgrade to an alternative rendering solution or implement a reverse proxy that blocks access to the /_ah/stop path.
References
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rendertronnpm | < 1.1.0 | 1.1.0 |
Affected products
1Patches
18d70628c96aecopyright headers (#72)
20 files changed · +309 −0
middleware/src/middleware.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const request = require('request');
middleware/test/middleware-test.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const express = require('express');
src/cache.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const datastore = require('@google-cloud/datastore')();
src/index.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <!doctype html> <html lang="en"> <head>
src/main.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const assert = require('assert');
src/renderer.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const CDP = require('chrome-remote-interface');
test/app-test.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const request = require('supertest');
test/cache-test.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + 'use strict'; const test = require('ava');
test/resources/basic-script.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script> var element = document.createElement('title'); element.textContent = 'document' + '-title';
test/resources/custom-element.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script> class MyElement extends HTMLElement { constructor() {
test/resources/explicit-render-event.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script> setTimeout(() => { document.body.textContent = 'async loaded';
test/resources/http-meta-status-code.html+15 −0 modified@@ -1 +1,16 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <meta name="render:status_code" content="400"> \ No newline at end of file
test/resources/http-meta-status-code-multiple.html+15 −0 modified@@ -1,2 +1,17 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <meta name="render:status_code" content="401"> <meta name="render:status_code" content="402"> \ No newline at end of file
test/resources/include-script.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script src="inject-element-after-load.js"></script> <link rel="import" href="custom-element.html"> <custom-element></custom-element>
test/resources/inject-element-after-load.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + window.onload = function() { var element = document.createElement('div'); element.textContent = 'injected' + 'Element';
test/resources/inject-element.js+16 −0 modified@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Google Inc. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + var element = document.createElement('div'); element.textContent = 'injectedElement'; document.body.appendChild(element); \ No newline at end of file
test/resources/script-after-load.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script> window.onload = function() { var script = document.createElement('script');
test/resources/shadow-dom-no-polyfill.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <my-element></my-element> <script> class MyElement extends HTMLElement {
test/resources/shadow-dom-polyfill-all.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script src="node_modules/@webcomponents/webcomponentsjs/webcomponents-lite.js"></script> <my-element></my-element> <script>
test/resources/shadow-dom-polyfill-loader.html+15 −0 modified@@ -1,3 +1,18 @@ +<!-- +Copyright 2017 Google Inc. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. +--> <script src="node_modules/@webcomponents/webcomponentsjs/webcomponents-loader.js"></script> <my-element></my-element> <script>
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-4q69-q4q7-x82cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18353ghsaADVISORY
- bugs.chromium.org/p/chromium/issues/detailghsax_refsource_MISCWEB
- github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0eghsax_refsource_MISCWEB
- github.com/GoogleChrome/rendertron/pull/88ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.