What is the severity of CVE-2009-3933?

CVE-2009-3933 has been classified as a denial of service vulnerability allowing attackers to cause high CPU consumption.

How do I fix CVE-2009-3933?

To fix CVE-2009-3933, users should upgrade to WebKit r50173 or newer and ensure they are using an updated version of Google Chrome.

Which versions are affected by CVE-2009-3933?

CVE-2009-3933 affects WebKit versions before r50173 and Google Chrome versions before 3.0.195.32.

Is CVE-2009-3933 still a concern for users of recent browsers?

No, CVE-2009-3933 is not a concern for users of updated browsers since the vulnerability has been patched in later versions.

What type of attack does CVE-2009-3933 involve?

CVE-2009-3933 involves a denial of service attack that can exploit JavaScript's setInterval method.

Vulnerability/
CVE-2009-3933

medium

CWE

399

12/11/2009

7/8/2024

CVE-2009-3933

First published: Thu Nov 12 2009(Updated: )

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WebKit	<=r50173
Google Chrome (Trace Event)	<=3.0.195.24
Google Chrome (Trace Event)	=0.2.149.27
Google Chrome (Trace Event)	=0.2.149.29
Google Chrome (Trace Event)	=0.2.149.30
Google Chrome (Trace Event)	=0.2.152.1
Google Chrome (Trace Event)	=0.2.153.1
Google Chrome (Trace Event)	=0.3.154.0
Google Chrome (Trace Event)	=0.3.154.3
Google Chrome (Trace Event)	=0.4.154.18
Google Chrome (Trace Event)	=0.4.154.22
Google Chrome (Trace Event)	=0.4.154.31
Google Chrome (Trace Event)	=0.4.154.33
Google Chrome (Trace Event)	=1.0.154.36
Google Chrome (Trace Event)	=1.0.154.39
Google Chrome (Trace Event)	=1.0.154.42
Google Chrome (Trace Event)	=1.0.154.43
Google Chrome (Trace Event)	=1.0.154.46
Google Chrome (Trace Event)	=1.0.154.48
Google Chrome (Trace Event)	=1.0.154.52
Google Chrome (Trace Event)	=1.0.154.53
Google Chrome (Trace Event)	=1.0.154.59
Google Chrome (Trace Event)	=1.0.154.65
Google Chrome (Trace Event)	=2.0.156.1
Google Chrome (Trace Event)	=2.0.157.0
Google Chrome (Trace Event)	=2.0.157.2
Google Chrome (Trace Event)	=2.0.158.0
Google Chrome (Trace Event)	=2.0.159.0
Google Chrome (Trace Event)	=2.0.169.0
Google Chrome (Trace Event)	=2.0.169.1
Google Chrome (Trace Event)	=2.0.170.0
Google Chrome (Trace Event)	=2.0.172
Google Chrome (Trace Event)	=2.0.172.2
Google Chrome (Trace Event)	=2.0.172.8
Google Chrome (Trace Event)	=2.0.172.27
Google Chrome (Trace Event)	=2.0.172.28
Google Chrome (Trace Event)	=2.0.172.30
Google Chrome (Trace Event)	=2.0.172.31
Google Chrome (Trace Event)	=2.0.172.33
Google Chrome (Trace Event)	=2.0.172.37
Google Chrome (Trace Event)	=2.0.172.38
Google Chrome (Trace Event)	=3.0.182.2
Google Chrome (Trace Event)	=3.0.190.2
Google Chrome (Trace Event)	=3.0.193.2-beta
Google Chrome (Trace Event)	=3.0.195.21

Remedy

http://codereview.chromium.org/339039

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3933?
CVE-2009-3933 has been classified as a denial of service vulnerability allowing attackers to cause high CPU consumption.
How do I fix CVE-2009-3933?
To fix CVE-2009-3933, users should upgrade to WebKit r50173 or newer and ensure they are using an updated version of Google Chrome.
Which versions are affected by CVE-2009-3933?
CVE-2009-3933 affects WebKit versions before r50173 and Google Chrome versions before 3.0.195.32.
Is CVE-2009-3933 still a concern for users of recent browsers?
No, CVE-2009-3933 is not a concern for users of updated browsers since the vulnerability has been patched in later versions.
What type of attack does CVE-2009-3933 involve?
CVE-2009-3933 involves a denial of service attack that can exploit JavaScript's setInterval method.

collector/nvd-historical
agent/references
agent/type
agent/author
agent/weakness
agent/severity
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/webkit
canonical/webkit
version/webkit/r50173
vendor/google
canonical/google chrome (trace event)
version/google chrome (trace event)/3.0.195.24
version/google chrome (trace event)/0.2.149.27
version/google chrome (trace event)/0.2.149.29
version/google chrome (trace event)/0.2.149.30
version/google chrome (trace event)/0.2.152.1
version/google chrome (trace event)/0.2.153.1
version/google chrome (trace event)/0.3.154.0
version/google chrome (trace event)/0.3.154.3
version/google chrome (trace event)/0.4.154.18
version/google chrome (trace event)/0.4.154.22
version/google chrome (trace event)/0.4.154.31
version/google chrome (trace event)/0.4.154.33
version/google chrome (trace event)/1.0.154.36
version/google chrome (trace event)/1.0.154.39
version/google chrome (trace event)/1.0.154.42
version/google chrome (trace event)/1.0.154.43
version/google chrome (trace event)/1.0.154.46
version/google chrome (trace event)/1.0.154.48
version/google chrome (trace event)/1.0.154.52
version/google chrome (trace event)/1.0.154.53
version/google chrome (trace event)/1.0.154.59
version/google chrome (trace event)/1.0.154.65
version/google chrome (trace event)/2.0.156.1
version/google chrome (trace event)/2.0.157.0
version/google chrome (trace event)/2.0.157.2
version/google chrome (trace event)/2.0.158.0
version/google chrome (trace event)/2.0.159.0
version/google chrome (trace event)/2.0.169.0
version/google chrome (trace event)/2.0.169.1
version/google chrome (trace event)/2.0.170.0
version/google chrome (trace event)/2.0.172
version/google chrome (trace event)/2.0.172.2
version/google chrome (trace event)/2.0.172.8
version/google chrome (trace event)/2.0.172.27
version/google chrome (trace event)/2.0.172.28
version/google chrome (trace event)/2.0.172.30
version/google chrome (trace event)/2.0.172.31
version/google chrome (trace event)/2.0.172.33
version/google chrome (trace event)/2.0.172.37
version/google chrome (trace event)/2.0.172.38
version/google chrome (trace event)/3.0.182.2
version/google chrome (trace event)/3.0.190.2
version/google chrome (trace event)/3.0.193.2-beta
version/google chrome (trace event)/3.0.195.21