PT-2010-2398 · Google · Google Chrome+1

Lasse Reichstein

Published

2010-02-18

Updated

2017-09-19

CVE-2010-0646

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 4.0.249.89 Google V8 versions prior to r3560

Description The issue is related to multiple integer signedness errors in the factory.cc file of Google V8, which is used in Google Chrome. These errors can be exploited by remote attackers to execute arbitrary code within the Chrome sandbox by using crafted JavaScript arrays.

Recommendations For Google Chrome versions prior to 4.0.249.89, update to version 4.0.249.89 or later to resolve the issue. For Google V8 versions prior to r3560, update to version r3560 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2010-0646

Affected Products

Google Chrome

Google V8

PT-2010-2398 · Google · Google Chrome+1

CVE-2010-0646

Weakness Enumeration

Related Identifiers

Affected Products

References · 13