Source: chrome (https://chromereleases.googleblog.com)
ID: GCSA-7789576918842099886
May 07, 2009 - 12:00 a.m.

Stable Update: Bug fix


CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.059 Low
Percentile: 93.4%

Edit 13 May 2009: Disclosing that this release contains the fix for CVE-2009-0945, an issue in WebKit code that also affects Apple’s Safari web browser. We did not want to disclose this until Apple’s fix for Safari users was released.

Google Chrome’s Stable channel has been updated to version 1.0.154.65 to fix a crash during startup for a small percentage of users.

CVE-2009-0945 Denial of service in SVG

A memory corruption issue exists in WebKit’s handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. The arbitrary code would be limited by the Google Chrome sandbox.

More info: http://code.google.com/p/chromium/issues/detail?id=9019

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Mark Larson

Google Chrome Program Manager

CPE

Name: google chrome
Operator: lt
Version: 1.0.154.65
