Vulnerability Description
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Chrome | 0.2.149.27 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html (Vendor Advisory)
- http://osvdb.org/48264
- http://shinnok.evonet.ro/vulns_html/chrome.html (Exploit)
- http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome (Patch)
- http://www.securityfocus.com/bid/31034 (Exploit)
- http://www.securityfocus.com/bid/31071 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45032
- https://www.exploit-db.com/exploits/6372
FAQ
What is CVE-2008-6998?
CVE-2008-6998 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via...
How severe is CVE-2008-6998?
CVE-2008-6998 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-6998?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.