CVE-2010-0663

Google Chrome < 4.0.249.78 - Information Exposure via Uninitialized Bitmap Memory

Title source: llm
STIX 2.1

Description

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023506

Scores

EPSS 0.0101
EPSS Percentile 58.9%

Details

CWE
CWE-200
Status published
Products (47)
google/chrome 0.2.149.27
google/chrome 0.2.149.29
google/chrome 0.2.149.30
google/chrome 0.2.152.1
google/chrome 0.2.153.1
google/chrome 0.3.154.0
google/chrome 0.3.154.3
google/chrome 0.4.154.18
google/chrome 0.4.154.22
google/chrome 0.4.154.31
... and 37 more
Published Feb 18, 2010
Tracked Since Feb 18, 2026