CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
8.4 | $0-$5k | 0.00 |
A vulnerability was found in Google Chrome (Web Browser). It has been classified as critical. Affected is an unknown part. The manipulation with an unknown input leads to a remote code execution vulnerability. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
The weakness was disclosed 10/21/2010 by Michal Zalewski (Inferno) with Chromium Development Community (Website). The advisory is shared for download at googlechromereleases.blogspot.com. This vulnerability is traded as CVE-2010-4039. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 118621 (Google Chrome Prior to 7.0.517.41 Multiple Vulnerabilities).
Upgrading to version 6.0.462.0 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com.
The vulnerability is also documented in the databases at SecurityFocus (BID 44241†) and Vulnerability Center (SBV-27892†). The entries VDB-55215, VDB-55214, VDB-55213 and VDB-55211 are pretty similar.
Product
Type
Vendor
Name
Version
- 0.2.149.27
- 0.2.149.29
- 0.2.149.30
- 0.2.152.1
- 0.2.153.1
- 0.3.154.0
- 0.3.154.3
- 0.4.154.18
- 0.4.154.22
- 0.4.154.31
- 0.4.154.33
- 0.9.126.0
- 0.10.156.20
- 0.10.156.50
- 1.0.154.36
- 1.0.154.39
- 1.0.154.42
- 1.0.154.43
- 1.0.154.46
- 1.0.154.48
- 1.0.154.52
- 1.0.154.53
- 1.0.154.59
- 1.0.154.65
- 1.2.0
- 1.2.3
- 2.0.0
- 2.0.156.1
- 2.0.157.0
- 2.0.157.2
- 2.0.158.0
- 2.0.159.0
- 2.0.169.0
- 2.0.169.1
- 2.0.170.0
- 2.0.172
- 2.0.172.2
- 2.0.172.8
- 2.0.172.27
- 2.0.172.28
- 2.0.172.30
- 2.0.172.31
- 2.0.172.33
- 2.0.172.37
- 2.0.172.38
- 2.9.5
- 3.0.182.2
- 3.0.190.2
- 3.0.193.2
- 3.22.24.16
- 3.24.12
- 3.42
- 3.43
- 4.0.249.0
- 4.0.263.0
- 4.1.249.1034
- 4.1.249.1056
- 4.6.85.23
- 4.7.80.23
- 4.9.385.33
- 5
- 5.0.394.0
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.5VulDB Meta Temp Score: 8.4
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Remote Code ExecutionCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
OpenVAS ID: 801472
OpenVAS Name: Google Chrome multiple vulnerabilities - October 10(Linux)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Chrome 6.0.462.0
Timeline
10/19/2010 🔍10/19/2010 🔍
10/21/2010 🔍
10/21/2010 🔍
10/21/2010 🔍
10/26/2010 🔍
03/19/2015 🔍
09/28/2021 🔍
Sources
Vendor: google.comProduct: google.com
Advisory: googlechromereleases.blogspot.com
Researcher: Michal Zalewski (Inferno)
Organization: Chromium Development Community
Status: Not defined
Confirmation: 🔍
CVE: CVE-2010-4039 (🔍)
OVAL: 🔍
SecurityFocus: 44241 - Google Chrome prior to 7.0.517.41 Multiple Security Vulnerabilities
Secunia: 41888
Vulnerability Center: 27892 - Google Chrome Before 7.0.517.41 Remote Unspecified Vulnerability via the PATH Environment Variable, High
See also: 🔍
Entry
Created: 03/19/2015 02:37 PMUpdated: 09/28/2021 02:30 AM
Changes: 03/19/2015 02:37 PM (56), 03/08/2017 03:34 PM (11), 09/28/2021 02:22 AM (5), 09/28/2021 02:30 AM (11)
Complete: 🔍
Cache ID: 18:36F:40
No comments yet. Languages: en.
Please log in to comment.