CVE-2010-4576NULL Pointer Dereference in Google Chrome

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.2%
top 15.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeGoogle Chrome OS
Timeline
PublishedDec 22
Latest updateMay 13

Description

browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome< 8.0.552.224
NVDgoogle/chrome_os< 8.0.552.343

Patches

Patch: code.google.comPatch: src.chromium.orgPatch: code.google.com

🔴Vulnerability Details

2
GHSA
GHSA-29rg-h6c8-h6xh: browser/worker_host/message_port_dispatcher2022-05-13
CVEList
CVE-2010-4576: browser/worker_host/message_port_dispatcher2010-12-22
CVE-2010-4576 — NULL Pointer Dereference in Google | cvebase