CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-2935

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile4.19th
Published2009年8月27日
Last Modified2026年4月23日

Vulnerability Description

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

Affected Platforms (CPE)

📦
Google

Chrome

<= 2.0.172.37
📦
Google

Chrome

= 0.2.149.27
📦
Google

Chrome

= 0.2.149.29
📦
Google

Chrome

= 0.2.149.30
📦
Google

Chrome

= 0.2.152.1
📦
Google

Chrome

= 0.2.153.1
📦
Google

Chrome

= 0.3.154.0
📦
Google

Chrome

= 0.3.154.3
📦
Google

Chrome

= 0.4.154.18
📦
Google

Chrome

= 0.4.154.22
📦
Google

Chrome

= 0.4.154.31
📦
Google

Chrome

= 0.4.154.33
📦
Google

Chrome

= 1.0.154.36
📦
Google

Chrome

= 1.0.154.39
📦
Google

Chrome

= 1.0.154.42
📦
Google

Chrome

= 1.0.154.43
📦
Google

Chrome

= 1.0.154.46
📦
Google

Chrome

= 1.0.154.48
📦
Google

Chrome

= 1.0.154.52
📦
Google

Chrome

= 1.0.154.53
📦
Google

Chrome

= 1.0.154.59
📦
Google

Chrome

= 2.0.156.1
📦
Google

Chrome

= 2.0.157.0
📦
Google

Chrome

= 2.0.157.2
📦
Google

Chrome

= 2.0.158.0
📦
Google

Chrome

= 2.0.159.0
📦
Google

Chrome

= 2.0.172
📦
Google

Chrome

= 2.0.172.30
📦
Google

Chrome

= 2.0.172.31
📦
Google

Chrome

= 2.0.172.33

References & Advisories

🔗 http://code.google.com/p/chromium/issues/detail?id=18639
🔗 http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
🔗 http://osvdb.org/57421
🔗 http://secunia.com/advisories/36417
🔗 http://www.securityfocus.com/bid/36149
🔗 http://www.securitytracker.com/id?1022773
🔗 http://www.vupen.com/english/advisories/2009/2420
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/52902

相关漏洞威胁

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...