Heap-Based Buffer Overflow in Google Chrome Due to JavaScript Regular Expression Vulnerability
CVE-2009-2555

Currently unrated

Key Information:

Vendor: Google
Status: V8; Chrome
Vendor: CVE Published:; 21 July 2009

Summary

A heap-based buffer overflow exists in Google V8, utilized within Google Chrome. This flaw allows remote attackers to execute arbitrary code within the Chrome sandbox through the use of crafted JavaScript regular expressions. The vulnerability affects versions prior to 1.1.10.14 of Google V8 and versions earlier than 2.0.172.37 of Google Chrome. Exploitation of this vulnerability poses significant risks to user security, since it could lead to unauthorized access and control over affected systems.

References

http://googlechromereleases.blogspot.com/2009/07/stable-b...

x_refsource_CONFIRM

http://code.google.com/p/chromium/issues/detail?id=14719

x_refsource_CONFIRM

http://www.securityfocus.com/bid/35722

vdb-entryx_refsource_BID

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 21, 2009
Vulnerability Reserved
Jul 21, 2009