CVE-2010-0663: Infoleak

First published: Thu Feb 18 2010(Updated: )

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Google Chrome	=2.0.172.8
Google Chrome	=0.3.154.3
Google Chrome	=3.0.182.2
Google Chrome	=0.2.149.30
Google Chrome	=0.4.154.31
Google Chrome	=1.0.154.39
Google Chrome	=2.0.172.38
Google Chrome	=1.0.154.59
Google Chrome	=0.2.149.27
Google Chrome	=1.0.154.53
Google Chrome	=0.4.154.33
Google Chrome	=2.0.170.0
Google Chrome	=1.0.154.43
Google Chrome	=1.0.154.42
Google Chrome	=2.0.169.1
Google Chrome	=2.0.172.33
Google Chrome	=3.0.195.24
Google Chrome	=3.0.195.33
Google Chrome	=1.0.154.52
Google Chrome	=2.0.172.27
Google Chrome	=1.0.154.65
Google Chrome	=2.0.157.2
Google Chrome	=0.4.154.18
Google Chrome	=0.2.149.29
Google Chrome	=2.0.157.0
Google Chrome	=0.2.152.1
Google Chrome	=0.3.154.0
Google Chrome	<=4.0.249.0
Google Chrome	=0.2.153.1
Google Chrome	=2.0.172.2
Google Chrome	=3.0.195.21
Google Chrome	=2.0.169.0
Google Chrome	=1.0.154.36
Google Chrome	=2.0.172
Google Chrome	=2.0.172.30
Google Chrome	=3.0.193.2-beta
Google Chrome	=2.0.156.1
Google Chrome	=3.0.195.32
Google Chrome	=1.0.154.46
Google Chrome	=3.0.190.2
Google Chrome	=0.4.154.22
Google Chrome	=2.0.159.0
Google Chrome	=2.0.158.0
Google Chrome	=2.0.172.28
Google Chrome	=2.0.172.31
Google Chrome	=1.0.154.48
Google Chrome	=2.0.172.37

Remedy

http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Never miss a vulnerability like this again

Reference Links

agent/type
agent/description
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/severity
agent/weakness
agent/references
agent/remedy
agent/tags
agent/event
agent/author
collector/mitre-cve
source/MITRE
vendor/google
canonical/google chrome
version/google chrome/4.0.249.0
version/google chrome/0.2.149.27
version/google chrome/0.2.149.29
version/google chrome/0.2.149.30
version/google chrome/0.2.152.1
version/google chrome/0.2.153.1
version/google chrome/0.3.154.0
version/google chrome/0.3.154.3
version/google chrome/0.4.154.18
version/google chrome/0.4.154.22
version/google chrome/0.4.154.31
version/google chrome/0.4.154.33
version/google chrome/1.0.154.36
version/google chrome/1.0.154.39
version/google chrome/1.0.154.42
version/google chrome/1.0.154.43
version/google chrome/1.0.154.46
version/google chrome/1.0.154.48
version/google chrome/1.0.154.52
version/google chrome/1.0.154.53
version/google chrome/1.0.154.59
version/google chrome/1.0.154.65
version/google chrome/2.0.156.1
version/google chrome/2.0.157.0
version/google chrome/2.0.157.2
version/google chrome/2.0.158.0
version/google chrome/2.0.159.0
version/google chrome/2.0.169.0
version/google chrome/2.0.169.1
version/google chrome/2.0.170.0
version/google chrome/2.0.172
version/google chrome/2.0.172.2
version/google chrome/2.0.172.8
version/google chrome/2.0.172.27
version/google chrome/2.0.172.28
version/google chrome/2.0.172.30
version/google chrome/2.0.172.31
version/google chrome/2.0.172.33
version/google chrome/2.0.172.37
version/google chrome/2.0.172.38
version/google chrome/3.0.182.2
version/google chrome/3.0.190.2
version/google chrome/3.0.193.2-beta
version/google chrome/3.0.195.21
version/google chrome/3.0.195.24
version/google chrome/3.0.195.32
version/google chrome/3.0.195.33

CVE-2010-0663: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact