CVE-2009-2935

Опубликовано: 27 авг. 2009

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

Ссылки

http://code.google.com/p/chromium/issues/detail?id=18639
Vendor Advisory
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
Vendor Advisory
http://osvdb.org/57421
http://secunia.com/advisories/36417
Vendor Advisory
http://www.securityfocus.com/bid/36149
http://www.securitytracker.com/id?1022773
http://www.vupen.com/english/advisories/2009/2420
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52902
http://code.google.com/p/chromium/issues/detail?id=18639
Vendor Advisory
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
Vendor Advisory
http://osvdb.org/57421
http://secunia.com/advisories/36417
Vendor Advisory
http://www.securityfocus.com/bid/36149
http://www.securitytracker.com/id?1022773
http://www.vupen.com/english/advisories/2009/2420
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52902

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 2.0.172.37 (включая)

cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.0262

Низкий

10 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2009-2935

debian

больше 16 лет назад

Google V8, as used in Google Chrome before 2.0.172.43, allows remote a ...

GHSA-vvc2-xvcw-8qmf

github

почти 4 года назад