Description
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
Affected products
- Google / Chrome 2.0.172.31 – 2.0.172.31
- Google / Chrome 2.0.172.33
- Google / Chrome 0.2.149.29 – 0.2.149.29
- Google / Chrome 0.2.149.30 – 0.2.149.30
- Google / Chrome 0.2.152.1 – 0.2.152.1
- Google / Chrome 0.2.153.1 – 0.2.153.1
- Google / Chrome 0.3.154.0 – 0.3.154.0
- Google / Chrome 0.3.154.3 – 0.3.154.3
- Google / Chrome 0.4.154.18 – 0.4.154.18
- Google / Chrome 0.4.154.22 – 0.4.154.22
- Google / Chrome 0.4.154.31 – 0.4.154.31
- Google / Chrome 0.4.154.33 – 0.4.154.33
- Google / Chrome 1.0.154.36 – 1.0.154.36
- Google / Chrome 1.0.154.39 – 1.0.154.39
- Google / Chrome 1.0.154.42 – 1.0.154.42
- Google / Chrome 1.0.154.43 – 1.0.154.43
- Google / Chrome 1.0.154.46 – 1.0.154.46
- Google / Chrome 1.0.154.48 – 1.0.154.48
- Google / Chrome 1.0.154.52 – 1.0.154.52
- Google / Chrome 1.0.154.53 – 1.0.154.53
- Google / Chrome 1.0.154.59 – 1.0.154.59
- Google / Chrome 2.0.156.1 – 2.0.156.1
- Google / Chrome 2.0.157.0 – 2.0.157.0
- Google / Chrome 2.0.157.2 – 2.0.157.2
- Google / Chrome 2.0.158.0 – 2.0.158.0
- Google / Chrome 2.0.159.0 – 2.0.159.0
- Google / Chrome 2.0.172 – 2.0.172
- Google / Chrome 2.0.172.30 – 2.0.172.30
- Google / v8 1.0
References
- MISC: http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html
- MISC: http://code.google.com/p/chromium/issues/detail?id=14719
- MISC: http://www.securityfocus.com/bid/35722
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/51801
- VENDOR_ADVISORY: http://secunia.com/advisories/35844
- MISC: http://codereview.chromium.org/141042
- MISC: http://codereview.chromium.org/141042/diff/6/1004
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2009/1924
- MISC: http://www.osvdb.org/55939