9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.037 Low
EPSS
Percentile
91.8%
Google Chrome’s Stable channel has been updated to version 1.0.154.64 to fix two security issues discovered by internal Google testing.
This release also contains
Security Fixes
CVE-2009-1441: Input validation error in the browser process.
A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
More info: http://code.google.com/p/chromium/issues/detail?id=10869
Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.
Mitigation: An attacker would need to be able to run arbitrary code in the renderer process.
CVE-2009-1442: Integer overflow in Skia 2D graphics.
A failure to check the result of integer multiplication when computing image sizes could allow a specially-crafted image or canvas to cause a tab to crash and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process.
More info: http://code.google.com/p/chromium/issues/detail?id=10736
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Mitigations:
Mark Larson
Google Chrome Program Manager
CPE | Name | Operator | Version |
---|---|---|---|
google chrome | lt | 1.0.154.64 |