CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.5%
In addition, this release fixes the following security issues:
CVE-2009-2555 Heap overflow with Javascript regular expressions
Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.
More info: http://code.google.com/p/chromium/issues/detail?id=14719 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
**Credit:**This issue was found by the Google Chrome security team.
Mitigations:
CVE-2009-2556 Memory corruption in the browser process
A compromised renderer (tab) process could cause the browser process to allocate very large memory buffers. This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
Severity: Critical. In conjunction with a vulnerability allowing arbitrary code to run in the renderer, an attacker might be able to run code with the privileges of the logged on user.
**Credit:**This issue was found by the Google Chrome security team.
Mitigations: