CVE-2009-2974 : Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1)

Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.

Published 2009-08-27 17:30:00

Updated 2009-08-28 04:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-2974

Google » Chrome
Versions up to, including, (<=) 1.0.154.48
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.29
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.30
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.36
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.27
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.52
cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.3
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.153.1
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.59
cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.39
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.42
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.65
cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.152.1
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.31
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.22
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.33
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.53
cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.46
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.43
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.18
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.0
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-2974

EPSS FAQ

0.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-2974

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2009-2974

Jump to

Vulnerability Details : CVE-2009-2974

Products affected by CVE-2009-2974

Exploit prediction scoring system (EPSS) score for CVE-2009-2974

CVSS scores for CVE-2009-2974

References for CVE-2009-2974