Vulnerabilities > CVE-2010-4487 - Unspecified vulnerability in Google Chrome

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
google
nessus
NVD
Published: 2010-12-07
Updated: 2021-09-08

Summary

Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."

Vulnerable Configurations

Part Description Count
Application
Google
881
OS
Apple
1
OS
Linux
1

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_8_0_552_215.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 8.0.552.215. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to bypass the pop-up blocker. (Issue #17655) - A cross-origin video theft vulnerability exists related to canvas. (Issue #55745) - An unspecified crash exists when handling HTML5 databases. (Issue #56237) - Excessive file dialogs could lead to a browser crash. (Issue #58329) - A use after free error exists in history handling. (Issue #59554) - It may be possible to crash the browser when performing http proxy authentication. (Issue #61701) - An out-of-bounds read regression exists in the WebM video support. (Issue #61701) - It may be possible to crash the browser due to bad indexing with malformed video. (Issue #62127) - A memory corruption issue exists relating to malicious privileged extension. (Issue #62168) - A use-after-free error exists in the handling of SVG animations. (Issue #62401) - A use-after-free error exists in the mouse dragging event handling. (Issue #63051) - A double free error exists in XPath handling. (Issue #63444)
last seen2020-06-01
modified2020-06-02
plugin id50977
published2010-12-03
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/50977
titleGoogle Chrome < 8.0.552.215 Multiple Vulnerabilities

Oval

accepted2012-02-27T04:00:57.001-05:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionIncomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
familywindows
idoval:org.mitre.oval:def:13423
statusdeprecated
submitted2011-11-25T18:06:52.000-05:00
title.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
version48

References