[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-2298

Date: (C)2010-06-15   (M)2017-09-22 


browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

CVSS Score: 10.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECUNIA-40072
http://code.google.com/p/chromium/issues/detail?id=43304
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

CPE    417
cpe:/a:google:chrome:2.0.169.0
cpe:/a:google:chrome:5.0.354.1
cpe:/a:google:chrome:5.0.354.0
cpe:/a:google:chrome:2.0.169.1
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:102
oval:org.secpod.oval:def:14

© 2013 SecPod Technologies