Lucene search

[email protected]CVE-2010-2298

HistoryJun 15, 2010 - 6:00 p.m.

CVE-2010-2298

2010-06-1518:00:02

CWE-20

[email protected]

web.nvd.nist.gov

google chrome

linux

viewhostmsg_databaseopenfile

sandboxing

cve-2010-2298

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

Affected configurations

NVD

Node

googlechromeRange<5.0.375.70

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
google:chromegoogle chromelt5.0.375.70

CPE	Name	Operator	Version
google:chrome	google chrome	lt	5.0.375.70

References

code.google.com/p/chromium/issues/detail?id=43304

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

secunia.com/advisories/40072

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

Related for CVE-2010-2298

prion1 debiancve1 ubuntucve1 cvelist1 nvd1 openvas3 nessus1