fkie_cve-2009-2935
Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 0.2.149.27 | ||
| chrome | 0.2.149.29 | ||
| chrome | 0.2.149.30 | ||
| chrome | 0.2.152.1 | ||
| chrome | 0.2.153.1 | ||
| chrome | 0.3.154.0 | ||
| chrome | 0.3.154.3 | ||
| chrome | 0.4.154.18 | ||
| chrome | 0.4.154.22 | ||
| chrome | 0.4.154.31 | ||
| chrome | 0.4.154.33 | ||
| chrome | 1.0.154.36 | ||
| chrome | 1.0.154.39 | ||
| chrome | 1.0.154.42 | ||
| chrome | 1.0.154.43 | ||
| chrome | 1.0.154.46 | ||
| chrome | 1.0.154.48 | ||
| chrome | 1.0.154.52 | ||
| chrome | 1.0.154.53 | ||
| chrome | 1.0.154.59 | ||
| chrome | 2.0.156.1 | ||
| chrome | 2.0.157.0 | ||
| chrome | 2.0.157.2 | ||
| chrome | 2.0.158.0 | ||
| chrome | 2.0.159.0 | ||
| chrome | 2.0.172 | ||
| chrome | 2.0.172.30 | ||
| chrome | 2.0.172.31 | ||
| chrome | 2.0.172.33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBFF8DA-5CD2-420E-A9A3-53475271997B",
"versionEndIncluding": "2.0.172.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D55D5075-D233-42D6-B1D6-77B7599650EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8FF77A-7802-4963-B532-3F16C7BB012C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D73576CF-76EE-42A3-9955-D7991384B8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4A2AB1-6F90-4D0B-A673-C6310514CE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66A4FEB5-11D8-4FFC-972D-A3B991176040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6313614-FC3C-488C-B80B-191797319A56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDF3DAB-73C4-48E8-9B0B-DADABF217555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2FAE50-4CA3-46F6-B533-C599011A9ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D94F22-37B6-4938-966A-E1830D83FBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*",
"matchCriteriaId": "0C0F9D75-B10D-468F-84D8-61B6A1230556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*",
"matchCriteriaId": "173D539E-045E-4429-80C9-5749BECC6CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*",
"matchCriteriaId": "D2052352-FECC-4990-B0F4-A715694AD816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBC80CB-4AB8-4EDF-9940-D2D7124D7549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*",
"matchCriteriaId": "E37938BB-8368-46D6-A8E4-F99F5CB9B82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*",
"matchCriteriaId": "6659833E-E309-4797-84D4-A782237714A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4C0D93-0308-48D4-A953-9398B88E2868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5094C4-1338-4189-B5FD-C9AFFF091D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*",
"matchCriteriaId": "51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F95770-F36F-43C0-986F-5C819648271E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCE1FD3-8D27-4304-97F9-6F9689F2498D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6CA696-49AA-4445-B978-96C1D8CE58DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9CFA3BF-6C07-448B-8C83-AD4C524A6577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8497F93-D88A-4FFA-B988-7210608530A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CDF938-2998-403F-B343-29B620E05D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5223F1-85CD-4DF9-9665-BDF7B554A784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript."
},
{
"lang": "es",
"value": "Google V8, usado en Google Chrome anteriores a v2.0.172.43, permite a los atacantes remotos, evitar restricciones intencionadas o lecturas de memoria, y posiblemente obtener informaci\u00f3n sensible o ejecuci\u00f3n arbitraria de c\u00f3digo en el Chrome sandbox, a trav\u00e9s de JavaScript manipulado."
}
],
"id": "CVE-2009-2935",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-27T17:00:01.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=18639"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/57421"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36149"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022773"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=18639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/57421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52902"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…