CVE-2010-4574

Google Chrome < 8.0.552.224 - Insecure Deserialization

Title source: rule

Description

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.

References (7)

[Patch, Vendor Advisory] http://code.google.com/p/chromium/issues/detail?id=56449

[Vendor Advisory] http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

[Third Party Advisory] http://secunia.com/advisories/42648

[Patch, Vendor Advisory] http://src.chromium.org/viewvc/chrome?view=rev&revision=68033

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45390

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141

Scores

EPSS 0.0083

EPSS Percentile 74.3%

Classification

CWE

CWE-502

Status draft

Affected Products (2)

google/chrome < 8.0.552.224

google/chrome_os < 8.0.552.343

Timeline

Published Dec 22, 2010

Tracked Since Feb 18, 2026