Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2974

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-2974
Last Modified 28 Aug 2009 12:00:00
Published 27 Aug 2009 01:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2974

Summary

Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.

Vulnerable Systems

Application

  • Google Chrome 0.2.149.27

  • Google Chrome 0.2.149.29

  • Google Chrome 0.2.149.30

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43

  • Google Chrome 1.0.154.46

  • Google Chrome 1.0.154.48

  • Google Chrome 1.0.154.52

  • Google Chrome 1.0.154.53

  • Google Chrome 1.0.154.59

  • Google Chrome 1.0.154.65


References

MISC - http://websecurity.com.ua/3435/

BUGTRAQ - 20090825 Re: DoS vulnerability in Google Chrome

BUGTRAQ - 20090823 DoS vulnerability in Google Chrome


Last Updated: 27 May 2016 10:51:05