Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4041

The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

Published

2010-10-21T19:00:05.003

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	< 7.0.517.41	Yes
Operating System	linux	linux_kernel	-	No

References

http://code.google.com/p/chromium/issues/detail?id=54794 Issue Tracking, Mailing List, Patch, Vendor Advisory ([email protected])
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html Release Notes, Vendor Advisory ([email protected])
http://secunia.com/advisories/41888 Broken Link ([email protected])
http://www.securityfocus.com/bid/44241 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/2731 Not Applicable ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14201 Third Party Advisory ([email protected])
http://code.google.com/p/chromium/issues/detail?id=54794 Issue Tracking, Mailing List, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41888 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44241 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2731 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14201 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)