CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |

EPSS: 0.004 Low (Percentile: 72.2%)

Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs.
CVE-2009-2121: Buffer overflow processing HTTP responses
Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.
More info: http://code.google.com/p/chromium/issues/detail?id=14508 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.
**Credit:** This issue was found by the Google Chrome security team.
Other issues
This release also fixes two other network issues:
- NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites (Issue 8771)
- Browser crash when loading some HTTPS sites (Issue 13226)
Mark Larson
Google Chrome Program Manager
CPE

| Name | Operator | Version |
|---|---|---|
| google chrome | lt | 2.0.172.33 |