CVE-2010-0645: Integer Overflow
First published: Thu Feb 18 2010(Updated: )
Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | =2.0.172.8 | |
| Google Chrome (Trace Event) | =0.3.154.3 | |
| Google Chrome (Trace Event) | =3.0.182.2 | |
| Google Chrome (Trace Event) | =0.2.149.30 | |
| Google Chrome (Trace Event) | =0.4.154.31 | |
| Google Chrome (Trace Event) | =1.0.154.39 | |
| Google Chrome (Trace Event) | =2.0.172.38 | |
| Google Chrome (Trace Event) | =1.0.154.59 | |
| Google Chrome (Trace Event) | =0.2.149.27 | |
| Google Chrome (Trace Event) | =1.0.154.53 | |
| Google Chrome (Trace Event) | =0.4.154.33 | |
| Google Chrome (Trace Event) | =2.0.170.0 | |
| Google Chrome (Trace Event) | =1.0.154.43 | |
| Google Chrome (Trace Event) | =1.0.154.42 | |
| Google Chrome (Trace Event) | =2.0.169.1 | |
| Google Chrome (Trace Event) | =2.0.172.33 | |
| Google Chrome (Trace Event) | =3.0.195.24 | |
| Google Chrome (Trace Event) | =3.0.195.33 | |
| Google Chrome (Trace Event) | =1.0.154.52 | |
| Google Chrome (Trace Event) | =2.0.172.27 | |
| Google Chrome (Trace Event) | =1.0.154.65 | |
| Google Chrome (Trace Event) | =2.0.157.2 | |
| Google Chrome (Trace Event) | =0.4.154.18 | |
| Google Chrome (Trace Event) | =0.2.149.29 | |
| Google Chrome (Trace Event) | =2.0.157.0 | |
| Google Chrome (Trace Event) | =0.2.152.1 | |
| Google Chrome (Trace Event) | =0.3.154.0 | |
| Google Chrome (Trace Event) | <=4.0.249.78 | |
| Google Chrome (Trace Event) | =0.2.153.1 | |
| Google Chrome (Trace Event) | =2.0.172.2 | |
| Google Chrome (Trace Event) | =3.0.195.21 | |
| Google Chrome (Trace Event) | =2.0.169.0 | |
| Google Chrome (Trace Event) | =1.0.154.36 | |
| Google Chrome (Trace Event) | =2.0.172 | |
| Google Chrome (Trace Event) | =2.0.172.30 | |
| Google Chrome (Trace Event) | =3.0.193.2-beta | |
| Google Chrome (Trace Event) | =2.0.156.1 | |
| Google Chrome (Trace Event) | =3.0.195.32 | |
| Google Chrome (Trace Event) | =1.0.154.46 | |
| Google Chrome (Trace Event) | =3.0.190.2 | |
| Google Chrome (Trace Event) | =0.4.154.22 | |
| Google Chrome (Trace Event) | =2.0.159.0 | |
| Google Chrome (Trace Event) | =2.0.158.0 | |
| Google Chrome (Trace Event) | =2.0.172.28 | |
| Google Chrome (Trace Event) | =2.0.172.31 | |
| Google Chrome (Trace Event) | =1.0.154.48 | |
| Google Chrome (Trace Event) | =2.0.172.37 | |
| Google Chrome | <=4.0.249.78 | |
| Google Chrome | =0.2.149.27 | |
| Google Chrome | =0.2.149.29 | |
| Google Chrome | =0.2.149.30 | |
| Google Chrome | =0.2.152.1 | |
| Google Chrome | =0.2.153.1 | |
| Google Chrome | =0.3.154.0 | |
| Google Chrome | =0.3.154.3 | |
| Google Chrome | =0.4.154.18 | |
| Google Chrome | =0.4.154.22 | |
| Google Chrome | =0.4.154.31 | |
| Google Chrome | =0.4.154.33 | |
| Google Chrome | =1.0.154.36 | |
| Google Chrome | =1.0.154.39 | |
| Google Chrome | =1.0.154.42 | |
| Google Chrome | =1.0.154.43 | |
| Google Chrome | =1.0.154.46 | |
| Google Chrome | =1.0.154.48 | |
| Google Chrome | =1.0.154.52 | |
| Google Chrome | =1.0.154.53 | |
| Google Chrome | =1.0.154.59 | |
| Google Chrome | =1.0.154.65 | |
| Google Chrome | =2.0.156.1 | |
| Google Chrome | =2.0.157.0 | |
| Google Chrome | =2.0.157.2 | |
| Google Chrome | =2.0.158.0 | |
| Google Chrome | =2.0.159.0 | |
| Google Chrome | =2.0.169.0 | |
| Google Chrome | =2.0.169.1 | |
| Google Chrome | =2.0.170.0 | |
| Google Chrome | =2.0.172 | |
| Google Chrome | =2.0.172.2 | |
| Google Chrome | =2.0.172.8 | |
| Google Chrome | =2.0.172.27 | |
| Google Chrome | =2.0.172.28 | |
| Google Chrome | =2.0.172.30 | |
| Google Chrome | =2.0.172.31 | |
| Google Chrome | =2.0.172.33 | |
| Google Chrome | =2.0.172.37 | |
| Google Chrome | =2.0.172.38 | |
| Google Chrome | =3.0.182.2 | |
| Google Chrome | =3.0.190.2 | |
| Google Chrome | =3.0.193.2-beta | |
| Google Chrome | =3.0.195.21 | |
| Google Chrome | =3.0.195.24 | |
| Google Chrome | =3.0.195.32 | |
| Google Chrome | =3.0.195.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=31009
- http://code.google.com/p/v8/source/detail?r=3560
- http://codereview.chromium.org/525064
- http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
- http://secunia.com/advisories/38545
- http://securitytracker.com/id?1023583
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://www.osvdb.org/62316
- http://www.securityfocus.com/bid/38177
- http://www.vupen.com/english/advisories/2010/0361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56213
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14508
Frequently Asked Questions
What is the severity of CVE-2010-0645?
CVE-2010-0645 has been classified with high severity due to its ability to allow remote code execution in the Chrome sandbox.
How do I fix CVE-2010-0645?
To fix CVE-2010-0645, update Google Chrome to version 4.0.249.89 or later.
Which versions of Google Chrome are affected by CVE-2010-0645?
CVE-2010-0645 affects Google Chrome versions prior to 4.0.249.89.
Can CVE-2010-0645 be exploited via JavaScript?
Yes, CVE-2010-0645 can be exploited through vulnerable JavaScript array manipulations.
What kind of vulnerability is CVE-2010-0645?
CVE-2010-0645 is characterized as an integer overflow vulnerability.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/2.0.172.8
- version/google chrome (trace event)/0.3.154.3
- version/google chrome (trace event)/3.0.182.2
- version/google chrome (trace event)/0.2.149.30
- version/google chrome (trace event)/0.4.154.31
- version/google chrome (trace event)/1.0.154.39
- version/google chrome (trace event)/2.0.172.38
- version/google chrome (trace event)/1.0.154.59
- version/google chrome (trace event)/0.2.149.27
- version/google chrome (trace event)/1.0.154.53
- version/google chrome (trace event)/0.4.154.33
- version/google chrome (trace event)/2.0.170.0
- version/google chrome (trace event)/1.0.154.43
- version/google chrome (trace event)/1.0.154.42
- version/google chrome (trace event)/2.0.169.1
- version/google chrome (trace event)/2.0.172.33
- version/google chrome (trace event)/3.0.195.24
- version/google chrome (trace event)/3.0.195.33
- version/google chrome (trace event)/1.0.154.52
- version/google chrome (trace event)/2.0.172.27
- version/google chrome (trace event)/1.0.154.65
- version/google chrome (trace event)/2.0.157.2
- version/google chrome (trace event)/0.4.154.18
- version/google chrome (trace event)/0.2.149.29
- version/google chrome (trace event)/2.0.157.0
- version/google chrome (trace event)/0.2.152.1
- version/google chrome (trace event)/0.3.154.0
- version/google chrome (trace event)/4.0.249.78
- version/google chrome (trace event)/0.2.153.1
- version/google chrome (trace event)/2.0.172.2
- version/google chrome (trace event)/3.0.195.21
- version/google chrome (trace event)/2.0.169.0
- version/google chrome (trace event)/1.0.154.36
- version/google chrome (trace event)/2.0.172
- version/google chrome (trace event)/2.0.172.30
- version/google chrome (trace event)/3.0.193.2-beta
- version/google chrome (trace event)/2.0.156.1
- version/google chrome (trace event)/3.0.195.32
- version/google chrome (trace event)/1.0.154.46
- version/google chrome (trace event)/3.0.190.2
- version/google chrome (trace event)/0.4.154.22
- version/google chrome (trace event)/2.0.159.0
- version/google chrome (trace event)/2.0.158.0
- version/google chrome (trace event)/2.0.172.28
- version/google chrome (trace event)/2.0.172.31
- version/google chrome (trace event)/1.0.154.48
- version/google chrome (trace event)/2.0.172.37
- canonical/google chrome
- version/google chrome/4.0.249.78
- version/google chrome/0.2.149.27
- version/google chrome/0.2.149.29
- version/google chrome/0.2.149.30
- version/google chrome/0.2.152.1
- version/google chrome/0.2.153.1
- version/google chrome/0.3.154.0
- version/google chrome/0.3.154.3
- version/google chrome/0.4.154.18
- version/google chrome/0.4.154.22
- version/google chrome/0.4.154.31
- version/google chrome/0.4.154.33
- version/google chrome/1.0.154.36
- version/google chrome/1.0.154.39
- version/google chrome/1.0.154.42
- version/google chrome/1.0.154.43
- version/google chrome/1.0.154.46
- version/google chrome/1.0.154.48
- version/google chrome/1.0.154.52
- version/google chrome/1.0.154.53
- version/google chrome/1.0.154.59
- version/google chrome/1.0.154.65
- version/google chrome/2.0.156.1
- version/google chrome/2.0.157.0
- version/google chrome/2.0.157.2
- version/google chrome/2.0.158.0
- version/google chrome/2.0.159.0
- version/google chrome/2.0.169.0
- version/google chrome/2.0.169.1
- version/google chrome/2.0.170.0
- version/google chrome/2.0.172
- version/google chrome/2.0.172.2
- version/google chrome/2.0.172.8
- version/google chrome/2.0.172.27
- version/google chrome/2.0.172.28
- version/google chrome/2.0.172.30
- version/google chrome/2.0.172.31
- version/google chrome/2.0.172.33
- version/google chrome/2.0.172.37
- version/google chrome/2.0.172.38
- version/google chrome/3.0.182.2
- version/google chrome/3.0.190.2
- version/google chrome/3.0.193.2-beta
- version/google chrome/3.0.195.21
- version/google chrome/3.0.195.24
- version/google chrome/3.0.195.32
- version/google chrome/3.0.195.33