6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.
Security Fixes:
CVE-2009-0689 dtoa() error parsing long floating point numbers
The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.
Mitigations:
CPE | Name | Operator | Version |
---|---|---|---|
google chrome | lt | 3.0.195.24 |