CVE-2010-0663

2010-02-1818:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-0663

paramtraits

skbitmap

google chrome

remote attack

sensitive information

memory initialization

process memory

thumbnail database

html canvas

security vulnerability

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.

CPENameOperatorVersion
google:chromegoogle chromeeq2.0.172.8
google:chromegoogle chromeeq0.3.154.3
google:chromegoogle chromeeq3.0.182.2
google:chromegoogle chromeeq0.2.149.30
google:chromegoogle chromeeq0.4.154.31
google:chromegoogle chromeeq1.0.154.39
google:chromegoogle chromeeq2.0.172.38
google:chromegoogle chromeeq1.0.154.59
google:chromegoogle chromeeq0.2.149.27
google:chromegoogle chromeeq1.0.154.53

CPE	Name	Operator	Version
google:chrome	google chrome	eq	2.0.172.8
google:chrome	google chrome	eq	0.3.154.3
google:chrome	google chrome	eq	3.0.182.2
google:chrome	google chrome	eq	0.2.149.30
google:chrome	google chrome	eq	0.4.154.31
google:chrome	google chrome	eq	1.0.154.39
google:chrome	google chrome	eq	2.0.172.38
google:chrome	google chrome	eq	1.0.154.59
google:chrome	google chrome	eq	0.2.149.27
google:chrome	google chrome	eq	1.0.154.53