CVE-2010-0663: Infoleak
First published: Thu Feb 18 2010(Updated: )
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | =2.0.172.8 | |
| Google Chrome (Trace Event) | =0.3.154.3 | |
| Google Chrome (Trace Event) | =3.0.182.2 | |
| Google Chrome (Trace Event) | =0.2.149.30 | |
| Google Chrome (Trace Event) | =0.4.154.31 | |
| Google Chrome (Trace Event) | =1.0.154.39 | |
| Google Chrome (Trace Event) | =2.0.172.38 | |
| Google Chrome (Trace Event) | =1.0.154.59 | |
| Google Chrome (Trace Event) | =0.2.149.27 | |
| Google Chrome (Trace Event) | =1.0.154.53 | |
| Google Chrome (Trace Event) | =0.4.154.33 | |
| Google Chrome (Trace Event) | =2.0.170.0 | |
| Google Chrome (Trace Event) | =1.0.154.43 | |
| Google Chrome (Trace Event) | =1.0.154.42 | |
| Google Chrome (Trace Event) | =2.0.169.1 | |
| Google Chrome (Trace Event) | =2.0.172.33 | |
| Google Chrome (Trace Event) | =3.0.195.24 | |
| Google Chrome (Trace Event) | =3.0.195.33 | |
| Google Chrome (Trace Event) | =1.0.154.52 | |
| Google Chrome (Trace Event) | =2.0.172.27 | |
| Google Chrome (Trace Event) | =1.0.154.65 | |
| Google Chrome (Trace Event) | =2.0.157.2 | |
| Google Chrome (Trace Event) | =0.4.154.18 | |
| Google Chrome (Trace Event) | =0.2.149.29 | |
| Google Chrome (Trace Event) | =2.0.157.0 | |
| Google Chrome (Trace Event) | =0.2.152.1 | |
| Google Chrome (Trace Event) | =0.3.154.0 | |
| Google Chrome (Trace Event) | <=4.0.249.0 | |
| Google Chrome (Trace Event) | =0.2.153.1 | |
| Google Chrome (Trace Event) | =2.0.172.2 | |
| Google Chrome (Trace Event) | =3.0.195.21 | |
| Google Chrome (Trace Event) | =2.0.169.0 | |
| Google Chrome (Trace Event) | =1.0.154.36 | |
| Google Chrome (Trace Event) | =2.0.172 | |
| Google Chrome (Trace Event) | =2.0.172.30 | |
| Google Chrome (Trace Event) | =3.0.193.2-beta | |
| Google Chrome (Trace Event) | =2.0.156.1 | |
| Google Chrome (Trace Event) | =3.0.195.32 | |
| Google Chrome (Trace Event) | =1.0.154.46 | |
| Google Chrome (Trace Event) | =3.0.190.2 | |
| Google Chrome (Trace Event) | =0.4.154.22 | |
| Google Chrome (Trace Event) | =2.0.159.0 | |
| Google Chrome (Trace Event) | =2.0.158.0 | |
| Google Chrome (Trace Event) | =2.0.172.28 | |
| Google Chrome (Trace Event) | =2.0.172.31 | |
| Google Chrome (Trace Event) | =1.0.154.48 | |
| Google Chrome (Trace Event) | =2.0.172.37 | |
| Google Chrome | <=4.0.249.0 | |
| Google Chrome | =0.2.149.27 | |
| Google Chrome | =0.2.149.29 | |
| Google Chrome | =0.2.149.30 | |
| Google Chrome | =0.2.152.1 | |
| Google Chrome | =0.2.153.1 | |
| Google Chrome | =0.3.154.0 | |
| Google Chrome | =0.3.154.3 | |
| Google Chrome | =0.4.154.18 | |
| Google Chrome | =0.4.154.22 | |
| Google Chrome | =0.4.154.31 | |
| Google Chrome | =0.4.154.33 | |
| Google Chrome | =1.0.154.36 | |
| Google Chrome | =1.0.154.39 | |
| Google Chrome | =1.0.154.42 | |
| Google Chrome | =1.0.154.43 | |
| Google Chrome | =1.0.154.46 | |
| Google Chrome | =1.0.154.48 | |
| Google Chrome | =1.0.154.52 | |
| Google Chrome | =1.0.154.53 | |
| Google Chrome | =1.0.154.59 | |
| Google Chrome | =1.0.154.65 | |
| Google Chrome | =2.0.156.1 | |
| Google Chrome | =2.0.157.0 | |
| Google Chrome | =2.0.157.2 | |
| Google Chrome | =2.0.158.0 | |
| Google Chrome | =2.0.159.0 | |
| Google Chrome | =2.0.169.0 | |
| Google Chrome | =2.0.169.1 | |
| Google Chrome | =2.0.170.0 | |
| Google Chrome | =2.0.172 | |
| Google Chrome | =2.0.172.2 | |
| Google Chrome | =2.0.172.8 | |
| Google Chrome | =2.0.172.27 | |
| Google Chrome | =2.0.172.28 | |
| Google Chrome | =2.0.172.30 | |
| Google Chrome | =2.0.172.31 | |
| Google Chrome | =2.0.172.33 | |
| Google Chrome | =2.0.172.37 | |
| Google Chrome | =2.0.172.38 | |
| Google Chrome | =3.0.182.2 | |
| Google Chrome | =3.0.190.2 | |
| Google Chrome | =3.0.193.2-beta | |
| Google Chrome | =3.0.195.21 | |
| Google Chrome | =3.0.195.24 | |
| Google Chrome | =3.0.195.32 | |
| Google Chrome | =3.0.195.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=31307
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002
Frequently Asked Questions
What is the severity of CVE-2010-0663?
CVE-2010-0663 has been classified as a high severity vulnerability due to its potential for information disclosure.
How does CVE-2010-0663 affect users of Google Chrome?
CVE-2010-0663 can allow remote attackers to access sensitive information from process memory by exploiting uninitialized memory locations in Chrome.
What versions of Google Chrome are affected by CVE-2010-0663?
CVE-2010-0663 affects multiple versions of Google Chrome prior to 4.0.249.78, including versions 2.0 and 3.0.
How do I fix CVE-2010-0663?
To fix CVE-2010-0663, users should upgrade to Google Chrome version 4.0.249.78 or later as it contains the necessary patches.
What should I do if I cannot update my version of Google Chrome affected by CVE-2010-0663?
If updating is not possible, users should consider employing additional security measures such as using a different browser until they can upgrade.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/2.0.172.8
- version/google chrome (trace event)/0.3.154.3
- version/google chrome (trace event)/3.0.182.2
- version/google chrome (trace event)/0.2.149.30
- version/google chrome (trace event)/0.4.154.31
- version/google chrome (trace event)/1.0.154.39
- version/google chrome (trace event)/2.0.172.38
- version/google chrome (trace event)/1.0.154.59
- version/google chrome (trace event)/0.2.149.27
- version/google chrome (trace event)/1.0.154.53
- version/google chrome (trace event)/0.4.154.33
- version/google chrome (trace event)/2.0.170.0
- version/google chrome (trace event)/1.0.154.43
- version/google chrome (trace event)/1.0.154.42
- version/google chrome (trace event)/2.0.169.1
- version/google chrome (trace event)/2.0.172.33
- version/google chrome (trace event)/3.0.195.24
- version/google chrome (trace event)/3.0.195.33
- version/google chrome (trace event)/1.0.154.52
- version/google chrome (trace event)/2.0.172.27
- version/google chrome (trace event)/1.0.154.65
- version/google chrome (trace event)/2.0.157.2
- version/google chrome (trace event)/0.4.154.18
- version/google chrome (trace event)/0.2.149.29
- version/google chrome (trace event)/2.0.157.0
- version/google chrome (trace event)/0.2.152.1
- version/google chrome (trace event)/0.3.154.0
- version/google chrome (trace event)/4.0.249.0
- version/google chrome (trace event)/0.2.153.1
- version/google chrome (trace event)/2.0.172.2
- version/google chrome (trace event)/3.0.195.21
- version/google chrome (trace event)/2.0.169.0
- version/google chrome (trace event)/1.0.154.36
- version/google chrome (trace event)/2.0.172
- version/google chrome (trace event)/2.0.172.30
- version/google chrome (trace event)/3.0.193.2-beta
- version/google chrome (trace event)/2.0.156.1
- version/google chrome (trace event)/3.0.195.32
- version/google chrome (trace event)/1.0.154.46
- version/google chrome (trace event)/3.0.190.2
- version/google chrome (trace event)/0.4.154.22
- version/google chrome (trace event)/2.0.159.0
- version/google chrome (trace event)/2.0.158.0
- version/google chrome (trace event)/2.0.172.28
- version/google chrome (trace event)/2.0.172.31
- version/google chrome (trace event)/1.0.154.48
- version/google chrome (trace event)/2.0.172.37
- canonical/google chrome
- version/google chrome/4.0.249.0
- version/google chrome/0.2.149.27
- version/google chrome/0.2.149.29
- version/google chrome/0.2.149.30
- version/google chrome/0.2.152.1
- version/google chrome/0.2.153.1
- version/google chrome/0.3.154.0
- version/google chrome/0.3.154.3
- version/google chrome/0.4.154.18
- version/google chrome/0.4.154.22
- version/google chrome/0.4.154.31
- version/google chrome/0.4.154.33
- version/google chrome/1.0.154.36
- version/google chrome/1.0.154.39
- version/google chrome/1.0.154.42
- version/google chrome/1.0.154.43
- version/google chrome/1.0.154.46
- version/google chrome/1.0.154.48
- version/google chrome/1.0.154.52
- version/google chrome/1.0.154.53
- version/google chrome/1.0.154.59
- version/google chrome/1.0.154.65
- version/google chrome/2.0.156.1
- version/google chrome/2.0.157.0
- version/google chrome/2.0.157.2
- version/google chrome/2.0.158.0
- version/google chrome/2.0.159.0
- version/google chrome/2.0.169.0
- version/google chrome/2.0.169.1
- version/google chrome/2.0.170.0
- version/google chrome/2.0.172
- version/google chrome/2.0.172.2
- version/google chrome/2.0.172.8
- version/google chrome/2.0.172.27
- version/google chrome/2.0.172.28
- version/google chrome/2.0.172.30
- version/google chrome/2.0.172.31
- version/google chrome/2.0.172.33
- version/google chrome/2.0.172.37
- version/google chrome/2.0.172.38
- version/google chrome/3.0.182.2
- version/google chrome/3.0.190.2
- version/google chrome/3.0.193.2-beta
- version/google chrome/3.0.195.21
- version/google chrome/3.0.195.24
- version/google chrome/3.0.195.32
- version/google chrome/3.0.195.33