CVE-2010-0663
Google Chrome < 4.0.249.78 - Information Exposure via Uninitialized Bitmap Memory
Title source: llmDescription
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002
Patch x_refsource_confirm
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023506
Vendor Advisory x_refsource_confirm
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
Issue Tracking x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=31307
Scores
EPSS
0.0101
EPSS Percentile
58.9%
Details
CWE
CWE-200
Status
published
Products (47)
google/chrome
0.2.149.27
google/chrome
0.2.149.29
google/chrome
0.2.149.30
google/chrome
0.2.152.1
google/chrome
0.2.153.1
google/chrome
0.3.154.0
google/chrome
0.3.154.3
google/chrome
0.4.154.18
google/chrome
0.4.154.22
google/chrome
0.4.154.31
... and 37 more
Published
Feb 18, 2010
Tracked Since
Feb 18, 2026