CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2935

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile4.19th
PublishedAug 27, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

Affected Platforms (CPE)

πŸ“¦
Google

Chrome

<= 2.0.172.37
πŸ“¦
Google

Chrome

= 0.2.149.27
πŸ“¦
Google

Chrome

= 0.2.149.29
πŸ“¦
Google

Chrome

= 0.2.149.30
πŸ“¦
Google

Chrome

= 0.2.152.1
πŸ“¦
Google

Chrome

= 0.2.153.1
πŸ“¦
Google

Chrome

= 0.3.154.0
πŸ“¦
Google

Chrome

= 0.3.154.3
πŸ“¦
Google

Chrome

= 0.4.154.18
πŸ“¦
Google

Chrome

= 0.4.154.22
πŸ“¦
Google

Chrome

= 0.4.154.31
πŸ“¦
Google

Chrome

= 0.4.154.33
πŸ“¦
Google

Chrome

= 1.0.154.36
πŸ“¦
Google

Chrome

= 1.0.154.39
πŸ“¦
Google

Chrome

= 1.0.154.42
πŸ“¦
Google

Chrome

= 1.0.154.43
πŸ“¦
Google

Chrome

= 1.0.154.46
πŸ“¦
Google

Chrome

= 1.0.154.48
πŸ“¦
Google

Chrome

= 1.0.154.52
πŸ“¦
Google

Chrome

= 1.0.154.53
πŸ“¦
Google

Chrome

= 1.0.154.59
πŸ“¦
Google

Chrome

= 2.0.156.1
πŸ“¦
Google

Chrome

= 2.0.157.0
πŸ“¦
Google

Chrome

= 2.0.157.2
πŸ“¦
Google

Chrome

= 2.0.158.0
πŸ“¦
Google

Chrome

= 2.0.159.0
πŸ“¦
Google

Chrome

= 2.0.172
πŸ“¦
Google

Chrome

= 2.0.172.30
πŸ“¦
Google

Chrome

= 2.0.172.31
πŸ“¦
Google

Chrome

= 2.0.172.33

References & Advisories

πŸ”— http://code.google.com/p/chromium/issues/detail?id=18639
πŸ”— http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
πŸ”— http://osvdb.org/57421
πŸ”— http://secunia.com/advisories/36417
πŸ”— http://www.securityfocus.com/bid/36149
πŸ”— http://www.securitytracker.com/id?1022773
πŸ”— http://www.vupen.com/english/advisories/2009/2420
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/52902

Related Vulnerabilities

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...