CVE-2010-4578 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2010-4578?

CVE-2010-4578 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-4578?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome Os, Google Chrome, Debian Debian Linux.

Vulnerability Description

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Google	Chrome Os	< 8.0.552.343
Google	Chrome	< 8.0.552.224
Debian	Debian Linux	6.0

References

http://code.google.com/p/chromium/issues/detail?id=64959Permissions Required
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/42648Vendor Advisory
http://www.debian.org/security/2011/dsa-2188Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xmlThird Party Advisory
http://www.securityfocus.com/bid/45390Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=64959Permissions Required
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/42648Vendor Advisory
http://www.debian.org/security/2011/dsa-2188Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xmlThird Party Advisory
http://www.securityfocus.com/bid/45390Third Party AdvisoryVDB Entry

FAQ

What is CVE-2010-4578?

CVE-2010-4578 is a vulnerability with a CVSS score of 7.5 (HIGH). Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other...

How severe is CVE-2010-4578?

CVE-2010-4578 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4578?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome Os, Google Chrome, Debian Debian Linux.