Vulnerabilities > CVE-2010-2109 - Unspecified vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | GOOGLE_CHROME_5_0_375_55.NASL |
description | The version of Google Chrome installed on the remote host is earlier than 5.0.375.55. As such, it is reportedly affected by multiple vulnerabilities : - URLs do not closely match the Safe Browsing specification. (Issue #7713) - It is possible to spoof URLs with unload event handlers. (Issue #16535) - A memory error exists in the Safe Browsing interaction. (Issue #30079) - It is possible to bypass the whitelist-mode plugin blocker. (Issue #39740) - A memory error exists with drag and drop. (Issue #41469) - JavaScript is incorrectly executed in the extension context. (Issue #42228) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46732 |
published | 2010-05-26 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46732 |
title | Google Chrome < 5.0.375.55 Multiple Vulnerabilities |
code |
|
Oval
accepted | 2013-08-12T04:00:57.519-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:12083 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-09-06T17:53:36 | ||||||||||||||||||||||||
title | Denial of service in Google Chrome before 5.0.375.55 related to the "drag + drop" functionality | ||||||||||||||||||||||||
version | 50 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 40367 CVE ID: CVE-2010-2105,CVE-2010-2106,CVE-2010-2107,CVE-2010-2108,CVE-2010-2109,CVE-2010-2110 Google Chrome是Google发布的开源WEB浏览器。 Chrome的5.0.375.55版本更新修复了多个安全漏洞,用户受骗访问恶意网页就可能导致绕过安全限制或完全入侵用户系统。 1) Chrome没有正确地遵循对规范化URL的Safe Browsing规范。 2) 上传事件处理器实现中的错误可能导致伪造URL栏。 3) Safe Browsing交互和拖放功能中的错误可能导致内存破坏并执行任意代码。 4) 白名单模式的插件拦截器中的错误可能导致绕过安全限制。 5) 扩展上下文中没有正确地执行JavaScript。 Google Chrome < 5.0.375.55 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com |
id | SSV:19721 |
last seen | 2017-11-19 |
modified | 2010-06-01 |
published | 2010-06-01 |
reporter | Root |
title | Google Chrome 5.0.375.55更新修复多个安全漏洞 |