The host is installed with Google Chrome before 4.0.249.89 and is prone to integer overflow vulnerability. A flaw is present in the CrossCallParamsEx::CreateFromBuffer function in the application which does not properly hamdle deserializing of sandbox messages. Successful exploitation allow remote attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact.