cvelistv5 - cve-2009-2935

CVE-2009-2935 (GCVE-0-2009-2935)

Vulnerability from cvelistv5 – Published: 2009-08-27 16:31 – Updated: 2024-08-07 06:07

Summary

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/2420	vdb-entryx_refsource_VUPEN
	http://osvdb.org/57421	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/36417	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/36149	vdb-entryx_refsource_BID
	http://googlechromereleases.blogspot.com/2009/08/…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1022773	vdb-entryx_refsource_SECTRACK
	http://code.google.com/p/chromium/issues/detail?i…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2420",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2420"
          },
          {
            "name": "57421",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/57421"
          },
          {
            "name": "36417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36417"
          },
          {
            "name": "36149",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
          },
          {
            "name": "1022773",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
          },
          {
            "name": "google-chrome-v8-security-bypass(52902)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2420",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2420"
        },
        {
          "name": "57421",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/57421"
        },
        {
          "name": "36417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36417"
        },
        {
          "name": "36149",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
        },
        {
          "name": "1022773",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
        },
        {
          "name": "google-chrome-v8-security-bypass(52902)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2420",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2420"
            },
            {
              "name": "57421",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/57421"
            },
            {
              "name": "36417",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36417"
            },
            {
              "name": "36149",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36149"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
            },
            {
              "name": "1022773",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022773"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=18639",
              "refsource": "CONFIRM",
              "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
            },
            {
              "name": "google-chrome-v8-security-bypass(52902)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2935",
    "datePublished": "2009-08-27T16:31:00",
    "dateReserved": "2009-08-23T00:00:00",
    "dateUpdated": "2024-08-07T06:07:37.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.172.37\", \"matchCriteriaId\": \"1FBFF8DA-5CD2-420E-A9A3-53475271997B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55D5075-D233-42D6-B1D6-77B7599650EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B8FF77A-7802-4963-B532-3F16C7BB012C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D73576CF-76EE-42A3-9955-D7991384B8C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD4A2AB1-6F90-4D0B-A673-C6310514CE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66A4FEB5-11D8-4FFC-972D-A3B991176040\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6313614-FC3C-488C-B80B-191797319A56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CDF3DAB-73C4-48E8-9B0B-DADABF217555\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B2FAE50-4CA3-46F6-B533-C599011A9ED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0D94F22-37B6-4938-966A-E1830D83FBC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C0F9D75-B10D-468F-84D8-61B6A1230556\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"173D539E-045E-4429-80C9-5749BECC6CD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2052352-FECC-4990-B0F4-A715694AD816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCBC80CB-4AB8-4EDF-9940-D2D7124D7549\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37938BB-8368-46D6-A8E4-F99F5CB9B82E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6659833E-E309-4797-84D4-A782237714A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE4C0D93-0308-48D4-A953-9398B88E2868\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE5094C4-1338-4189-B5FD-C9AFFF091D6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2F95770-F36F-43C0-986F-5C819648271E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECCE1FD3-8D27-4304-97F9-6F9689F2498D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F6CA696-49AA-4445-B978-96C1D8CE58DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9CFA3BF-6C07-448B-8C83-AD4C524A6577\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8497F93-D88A-4FFA-B988-7210608530A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5CDF938-2998-403F-B343-29B620E05D44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F5223F1-85CD-4DF9-9665-BDF7B554A784\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.\"}, {\"lang\": \"es\", \"value\": \"Google V8, usado en Google Chrome anteriores a v2.0.172.43, permite a los atacantes remotos, evitar restricciones intencionadas o lecturas de memoria, y posiblemente obtener informaci\\u00f3n sensible o ejecuci\\u00f3n arbitraria de c\\u00f3digo en el Chrome sandbox, a trav\\u00e9s de JavaScript manipulado.\"}]",
      "id": "CVE-2009-2935",
      "lastModified": "2024-11-21T01:06:06.100",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-08-27T17:00:01.127",
      "references": "[{\"url\": \"http://code.google.com/p/chromium/issues/detail?id=18639\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/57421\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36417\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/36149\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1022773\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2420\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52902\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://code.google.com/p/chromium/issues/detail?id=18639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/57421\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/36149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/52902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2935\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-27T17:00:01.127\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.\"},{\"lang\":\"es\",\"value\":\"Google V8, usado en Google Chrome anteriores a v2.0.172.43, permite a los atacantes remotos, evitar restricciones intencionadas o lecturas de memoria, y posiblemente obtener informaci\u00f3n sensible o ejecuci\u00f3n arbitraria de c\u00f3digo en el Chrome sandbox, a trav\u00e9s de JavaScript manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.172.37\",\"matchCriteriaId\":\"1FBFF8DA-5CD2-420E-A9A3-53475271997B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55D5075-D233-42D6-B1D6-77B7599650EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8FF77A-7802-4963-B532-3F16C7BB012C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D73576CF-76EE-42A3-9955-D7991384B8C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD4A2AB1-6F90-4D0B-A673-C6310514CE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A4FEB5-11D8-4FFC-972D-A3B991176040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6313614-FC3C-488C-B80B-191797319A56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDF3DAB-73C4-48E8-9B0B-DADABF217555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B2FAE50-4CA3-46F6-B533-C599011A9ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D94F22-37B6-4938-966A-E1830D83FBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C0F9D75-B10D-468F-84D8-61B6A1230556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"173D539E-045E-4429-80C9-5749BECC6CD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2052352-FECC-4990-B0F4-A715694AD816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCBC80CB-4AB8-4EDF-9940-D2D7124D7549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37938BB-8368-46D6-A8E4-F99F5CB9B82E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6659833E-E309-4797-84D4-A782237714A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4C0D93-0308-48D4-A953-9398B88E2868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE5094C4-1338-4189-B5FD-C9AFFF091D6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F95770-F36F-43C0-986F-5C819648271E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECCE1FD3-8D27-4304-97F9-6F9689F2498D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F6CA696-49AA-4445-B978-96C1D8CE58DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9CFA3BF-6C07-448B-8C83-AD4C524A6577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8497F93-D88A-4FFA-B988-7210608530A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5CDF938-2998-403F-B343-29B620E05D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F5223F1-85CD-4DF9-9665-BDF7B554A784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690\"}]}]}],\"references\":[{\"url\":\"http://code.google.com/p/chromium/issues/detail?id=18639\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/57421\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36149\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1022773\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52902\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://code.google.com/p/chromium/issues/detail?id=18639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/57421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/52902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant, entre autres, l'exécution de code arbitraire à distance ont été découvertes dans Google Chrome.

Description

Plusieurs vulnérabilités ont été découvertes dans le navigateur Google Chrome :

la première vulnérabilité est due à une erreur dans le moteur d'interprétation du langage javascript et permet à un utilisateur malveillant d'accéder à la mémoire ;
la deuxième vulnérabilité est due à une mauvaise gestion des certificats SSL, permettant ainsi de contourner les mécanismes de confidentialité mis en place ;
les deux dernières vulnérabilités sont issues de l'utilisation d'une version vulnérable de la bibliothèque libxml2, et permettent à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Chrome versions antérieures à la version 2.0.172.43.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de mise à jour Google Chrome du 25 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 la  version 2.0.172.43.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le navigateur Google\nChrome :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur dans le moteur\n    d\u0027interpr\u00e9tation du langage javascript et permet \u00e0 un utilisateur\n    malveillant d\u0027acc\u00e9der \u00e0 la m\u00e9moire ;\n-   la deuxi\u00e8me vuln\u00e9rabilit\u00e9 est due \u00e0 une mauvaise gestion des\n    certificats SSL, permettant ainsi de contourner les m\u00e9canismes de\n    confidentialit\u00e9 mis en place ;\n-   les deux derni\u00e8res vuln\u00e9rabilit\u00e9s sont issues de l\u0027utilisation d\u0027une\n    version vuln\u00e9rable de la biblioth\u00e8que libxml2, et permettent \u00e0 un\n    utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2935"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-355",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant, entre autres, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du navigateur Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de mise \u00e0 jour Google Chrome du 25 ao\u00fbt 2009",
      "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
    }
  ]
}

CERTA-2009-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant, entre autres, l'exécution de code arbitraire à distance ont été découvertes dans Google Chrome.

Description

Plusieurs vulnérabilités ont été découvertes dans le navigateur Google Chrome :

la première vulnérabilité est due à une erreur dans le moteur d'interprétation du langage javascript et permet à un utilisateur malveillant d'accéder à la mémoire ;
la deuxième vulnérabilité est due à une mauvaise gestion des certificats SSL, permettant ainsi de contourner les mécanismes de confidentialité mis en place ;
les deux dernières vulnérabilités sont issues de l'utilisation d'une version vulnérable de la bibliothèque libxml2, et permettent à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Chrome versions antérieures à la version 2.0.172.43.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de mise à jour Google Chrome du 25 août 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 la  version 2.0.172.43.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le navigateur Google\nChrome :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur dans le moteur\n    d\u0027interpr\u00e9tation du langage javascript et permet \u00e0 un utilisateur\n    malveillant d\u0027acc\u00e9der \u00e0 la m\u00e9moire ;\n-   la deuxi\u00e8me vuln\u00e9rabilit\u00e9 est due \u00e0 une mauvaise gestion des\n    certificats SSL, permettant ainsi de contourner les m\u00e9canismes de\n    confidentialit\u00e9 mis en place ;\n-   les deux derni\u00e8res vuln\u00e9rabilit\u00e9s sont issues de l\u0027utilisation d\u0027une\n    version vuln\u00e9rable de la biblioth\u00e8que libxml2, et permettent \u00e0 un\n    utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2935"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-355",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant, entre autres, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du navigateur Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de mise \u00e0 jour Google Chrome du 25 ao\u00fbt 2009",
      "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
    }
  ]
}

FKIE_CVE-2009-2935

Vulnerability from fkie_nvd - Published: 2009-08-27 17:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://code.google.com/p/chromium/issues/detail?id=18639	Vendor Advisory
cve@mitre.org	http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html	Vendor Advisory
cve@mitre.org	http://osvdb.org/57421
cve@mitre.org	http://secunia.com/advisories/36417	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36149
cve@mitre.org	http://www.securitytracker.com/id?1022773
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2420	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52902
af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/chromium/issues/detail?id=18639	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/57421
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36417	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36149
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022773
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2420	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52902

Impacted products

Vendor	Product	Version
google	chrome	*
google	chrome	0.2.149.27
google	chrome	0.2.149.29
google	chrome	0.2.149.30
google	chrome	0.2.152.1
google	chrome	0.2.153.1
google	chrome	0.3.154.0
google	chrome	0.3.154.3
google	chrome	0.4.154.18
google	chrome	0.4.154.22
google	chrome	0.4.154.31
google	chrome	0.4.154.33
google	chrome	1.0.154.36
google	chrome	1.0.154.39
google	chrome	1.0.154.42
google	chrome	1.0.154.43
google	chrome	1.0.154.46
google	chrome	1.0.154.48
google	chrome	1.0.154.52
google	chrome	1.0.154.53
google	chrome	1.0.154.59
google	chrome	2.0.156.1
google	chrome	2.0.157.0
google	chrome	2.0.157.2
google	chrome	2.0.158.0
google	chrome	2.0.159.0
google	chrome	2.0.172
google	chrome	2.0.172.30
google	chrome	2.0.172.31
google	chrome	2.0.172.33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBFF8DA-5CD2-420E-A9A3-53475271997B",
              "versionEndIncluding": "2.0.172.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55D5075-D233-42D6-B1D6-77B7599650EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8FF77A-7802-4963-B532-3F16C7BB012C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73576CF-76EE-42A3-9955-D7991384B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD4A2AB1-6F90-4D0B-A673-C6310514CE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A4FEB5-11D8-4FFC-972D-A3B991176040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6313614-FC3C-488C-B80B-191797319A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CDF3DAB-73C4-48E8-9B0B-DADABF217555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FAE50-4CA3-46F6-B533-C599011A9ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D94F22-37B6-4938-966A-E1830D83FBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C0F9D75-B10D-468F-84D8-61B6A1230556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "173D539E-045E-4429-80C9-5749BECC6CD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2052352-FECC-4990-B0F4-A715694AD816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCBC80CB-4AB8-4EDF-9940-D2D7124D7549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37938BB-8368-46D6-A8E4-F99F5CB9B82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "6659833E-E309-4797-84D4-A782237714A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4C0D93-0308-48D4-A953-9398B88E2868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE5094C4-1338-4189-B5FD-C9AFFF091D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F95770-F36F-43C0-986F-5C819648271E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCE1FD3-8D27-4304-97F9-6F9689F2498D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6CA696-49AA-4445-B978-96C1D8CE58DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9CFA3BF-6C07-448B-8C83-AD4C524A6577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8497F93-D88A-4FFA-B988-7210608530A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CDF938-2998-403F-B343-29B620E05D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F5223F1-85CD-4DF9-9665-BDF7B554A784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
    },
    {
      "lang": "es",
      "value": "Google V8, usado en Google Chrome anteriores a v2.0.172.43, permite a los atacantes remotos, evitar restricciones intencionadas o lecturas de memoria, y posiblemente obtener informaci\u00f3n sensible o ejecuci\u00f3n arbitraria de c\u00f3digo en el Chrome sandbox, a trav\u00e9s de JavaScript manipulado."
    }
  ],
  "id": "CVE-2009-2935",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-27T17:00:01.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/57421"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36417"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36149"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022773"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2420"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/57421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VVC2-XVCW-8QMF

Vulnerability from github – Published: 2022-05-02 03:40 – Updated: 2022-05-02 03:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2935"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-27T17:00:00Z",
    "severity": "HIGH"
  },
  "details": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.",
  "id": "GHSA-vvc2-xvcw-8qmf",
  "modified": "2022-05-02T03:40:08Z",
  "published": "2022-05-02T03:40:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2935"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/57421"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36417"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36149"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022773"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2420"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-2935

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2935

Aliases

CVE-2009-2935

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2935",
    "description": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.",
    "id": "GSD-2009-2935"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2935"
      ],
      "details": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.",
      "id": "GSD-2009-2935",
      "modified": "2023-12-13T01:19:46.080788Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2935",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-2420",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2420"
          },
          {
            "name": "57421",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/57421"
          },
          {
            "name": "36417",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36417"
          },
          {
            "name": "36149",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36149"
          },
          {
            "name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html",
            "refsource": "CONFIRM",
            "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
          },
          {
            "name": "1022773",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022773"
          },
          {
            "name": "http://code.google.com/p/chromium/issues/detail?id=18639",
            "refsource": "CONFIRM",
            "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
          },
          {
            "name": "google-chrome-v8-security-bypass(52902)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.172.37",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2935"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
            },
            {
              "name": "36417",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36417"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=18639",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://code.google.com/p/chromium/issues/detail?id=18639"
            },
            {
              "name": "ADV-2009-2420",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2420"
            },
            {
              "name": "36149",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36149"
            },
            {
              "name": "57421",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/57421"
            },
            {
              "name": "1022773",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022773"
            },
            {
              "name": "google-chrome-v8-security-bypass(52902)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:30Z",
      "publishedDate": "2009-08-27T17:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2935 (GCVE-0-2009-2935)

CERTA-2009-AVI-355

Description

Solution

CERTA-2009-AVI-355

Description

Solution

FKIE_CVE-2009-2935

GHSA-VVC2-XVCW-8QMF

GSD-2009-2935

Tags

Sightings

Nomenclature