CVE-2010-0663

high

Description

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
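The failure mode in the description, shown beside a hardened form, as an added sketch that is not Chrome's code or its actual fix. The header layout, function names, size limit and the recycled buffer (standing in for uninitialized heap memory) are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical header for this sketch (not Chrome's IPC wire format).
struct BitmapHeader { uint32_t width, height, bytes_per_pixel; };

// Size the header claims, bounded so the multiplication cannot overflow.
static bool DeclaredSize(const BitmapHeader& h, size_t* out) {
  const uint64_t kMaxBytes = 64ull * 1024 * 1024;  // constructed limit
  uint64_t n = uint64_t{h.width} * h.height;
  if (n == 0 || n > kMaxBytes) return false;
  n *= h.bytes_per_pixel;
  if (n == 0 || n > kMaxBytes) return false;
  *out = static_cast<size_t>(n);
  return true;
}

// Flawed pattern: sizes the bitmap from the header but fills only the bytes
// that arrived. `pixels` is a recycled buffer standing in for uninitialized
// heap memory, so whatever it held before stays in the tail.
bool ReadBitmapUnchecked(const BitmapHeader& h, const uint8_t* data,
                         size_t len, std::vector<uint8_t>& pixels) {
  size_t need;
  if (!DeclaredSize(h, &need)) return false;
  if (pixels.size() < need) pixels.resize(need);
  std::memcpy(pixels.data(), data, std::min(len, need));
  return true;  // caller now treats all `need` bytes as image data
}

// Hardened form: a payload that does not match the declared size is rejected,
// and the buffer is replaced wholesale so no earlier bytes survive.
bool ReadBitmapChecked(const BitmapHeader& h, const uint8_t* data,
                       size_t len, std::vector<uint8_t>& pixels) {
  size_t need;
  if (!DeclaredSize(h, &need) || len != need) {
    pixels.clear();
    return false;
  }
  pixels.assign(data, data + need);
  return true;
}

// Counts bytes still equal to the marker that the buffer was pre-filled with.
size_t StaleBytes(const std::vector<uint8_t>& pixels, uint8_t marker) {
  return static_cast<size_t>(std::count(pixels.begin(), pixels.end(), marker));
}
```
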

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

http://securitytracker.com/id?1023506

http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

http://code.google.com/p/chromium/issues/detail?id=31307

Details

Source: Mitre, NVD

Published: 2010-02-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High