CVE-2010-0647

CWE-94 Code Injection | 5 documents | 5 sources
Severity
9.3 CRITICAL
EPSS
10.2%
top 6.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 18
Latest update: May 2

Description

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: google/chrome 4.0.249.78 +47
NVD: apple/webkit r53475


🔴 Vulnerability Details (2)

GHSA
GHSA-jpp6-jhf5-8fqg: WebKit before r53525, as used in Google Chrome before 4 (2022-05-02)
CVEList
CVE-2010-0647: WebKit before r53525, as used in Google Chrome before 4 (2010-02-18)

📋 Vendor Advisories (1)

Red Hat
webkit: remote arbitrary code execution via malformed RUBY element (2010-01-06)

💬 Community (1)

Bugzilla
CVE-2010-0647 webkit: remote arbitrary code execution via malformed RUBY element (2010-02-24)