Vulnerabilities > CVE-2009-1442 - Numeric Errors vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | GOOGLE_CHROME_1_0_154_64.NASL |
| description | The version of Google Chrome installed on the remote host is earlier than 1.0.154.64. Such versions are reportedly affected by multiple vulnerabilities : - A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. (CVE-2009-1441) - A failure to check the result of integer multiplication when computing image sizes could allow a specially crafted image or canvas to cause a tab to crash and possibly allow an attacker to execute arbitrary code inside the (sandboxed) renderer process. (CVE-2009-1442) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 38699 |
| published | 2009-05-07 |
| reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/38699 |
| title | Google Chrome < 1.0.154.64 Multiple Overflows |
References
- http://code.google.com/p/chromium/issues/detail?id=10736
- http://code.google.com/p/skia/source/detail?r=159
- http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
- http://osvdb.org/54248
- http://secunia.com/advisories/35014
- http://www.securityfocus.com/bid/34859
- http://www.securitytracker.com/id?1022175
- http://www.vupen.com/english/advisories/2009/1266