Vulnerabilities > CVE-2010-4484 - Unspecified vulnerability in Google Chrome

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
google
nessus
NVD
Published: 2010-12-07
Updated: 2017-09-19

Summary

Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Google
880

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_8_0_552_215.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 8.0.552.215. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to bypass the pop-up blocker. (Issue #17655) - A cross-origin video theft vulnerability exists related to canvas. (Issue #55745) - An unspecified crash exists when handling HTML5 databases. (Issue #56237) - Excessive file dialogs could lead to a browser crash. (Issue #58329) - A use after free error exists in history handling. (Issue #59554) - It may be possible to crash the browser when performing http proxy authentication. (Issue #61701) - An out-of-bounds read regression exists in the WebM video support. (Issue #61701) - It may be possible to crash the browser due to bad indexing with malformed video. (Issue #62127) - A memory corruption issue exists relating to malicious privileged extension. (Issue #62168) - A use-after-free error exists in the handling of SVG animations. (Issue #62401) - A use-after-free error exists in the mouse dragging event handling. (Issue #63051) - A double free error exists in XPath handling. (Issue #63444)
last seen2020-06-01
modified2020-06-02
plugin id50977
published2010-12-03
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/50977
titleGoogle Chrome < 8.0.552.215 Multiple Vulnerabilities

Oval

accepted2013-08-12T04:01:14.681-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionGoogle Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:12236
statusaccepted
submitted2010-12-13T12:01:17
titleDenial of service (application crash) vulnerability via unspecified vectors in Google Chrome before 8.0.552.215
version52

References