6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.5%
Google Chromeโs Stable channel has been updated to 3.0.195.33 to fix a potential issue that could cause Google Chrome to stop working and a security issue.
This release removes a dependency on a Windows library (t2embed.dll) that is not required by Google Chrome. If that library is missing or the user does not have permission to read it, earlier versions of Google Chrome would fail silently.
Security Fix:
CVE-2009-2816 Custom headers incorrectly sent for CORS OPTIONS request
A malicious web site operator could set custom HTTP headers on cross-origin OPTIONS requests.
More info: https://bugs.webkit.org/show_bug.cgi?id=28446, http://support.apple.com/kb/HT3949
Severity: Low. The majority of users are unlikely to be impacted by this issue.
Credit: Apple Security
Mitigations:
Mark Larson, Google Chrome Team
CPE | Name | Operator | Version |
---|---|---|---|
google chrome | lt | 3.0.195.33 |