CVE-2010-2302

Google Chrome < 5.0.375.70 - Use After Free

Title source: rule

Description

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.

References (7)

[Vendor Advisory] http://code.google.com/p/chromium/issues/detail?id=44740

[Vendor Advisory] http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[Third Party Advisory] http://secunia.com/advisories/40072

[Third Party Advisory] http://secunia.com/advisories/43068

[Permissions Required] http://www.vupen.com/english/advisories/2011/0212

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11948

Scores

EPSS 0.0611

EPSS Percentile 90.6%

Classification

CWE

CWE-416

Status draft

Affected Products (7)

google/chrome < 5.0.375.70

opensuse/opensuse

opensuse/opensuse

suse/suse_linux_enterprise_desktop

suse/suse_linux_enterprise_desktop

suse/suse_linux_enterprise_server

suse/suse_linux_enterprise_server

Timeline

Published Jun 15, 2010

Tracked Since Feb 18, 2026