Vulnerabilities > CVE-2010-0655 - Resource Management Errors vulnerability in Google Chrome

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
CWE-399
critical
nessus
exploit available

Summary

Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site. Per: http://cwe.mitre.org/data/definitions/416.html 'Use After Free CWE-416'

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMozilla Firefox 3.5.8 Style Sheet Redirection Information Disclosure Vulnerability. CVE-2010-0655. Remote exploits for multiple platform
idEDB-ID:33664
last seen2016-02-03
modified2010-01-09
published2010-01-09
reporterCesar Cerrudo
sourcehttps://www.exploit-db.com/download/33664/
titleMozilla Firefox <= 3.5.8 Style Sheet Redirection Information Disclosure Vulnerability

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_4_0_249_78.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 4.0.249.78. Such versions are reportedly affected by multiple vulnerabilities : - A pop-up blocker bypass. (Issue #3275) - Cross-domain theft due to CSS design error. (Issue #9877) - Browser memory error with stale pop-up block menu. (Issue #12523) - An unspecified error allows XMLHttpRequests to directories. (Issue #20450) - An unspecified error exists related to escaping characters in shortcuts. (Issue #23693) - Renderer memory errors exist when drawing on canvases. (Issue #8864, #24701, #24646) - An image decoding memory error. (Issue #28566) - An unspecified error exists that could result in failure to strip
last seen2020-06-01
modified2020-06-02
plugin id44317
published2010-01-26
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/44317
titleGoogle Chrome < 4.0.249.78 Multiple Vulnerabilities

Oval

accepted2014-04-07T04:00:40.565-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.
familywindows
idoval:org.mitre.oval:def:14069
statusaccepted
submitted2011-11-25T18:05:39.000-05:00
titleUse-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.
version52