CVE-2010-0647

Description

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.

Affected products

• Apple / webkitr53475
• Google / Chrome4.0.249.78
• Google / Chrome0.2.149.27 – 0.2.149.27
• Google / Chrome0.2.149.29 – 0.2.149.29
• Google / Chrome0.2.149.30 – 0.2.149.30
• Google / Chrome0.2.152.1 – 0.2.152.1
• Google / Chrome0.2.153.1 – 0.2.153.1
• Google / Chrome0.3.154.0 – 0.3.154.0
• Google / Chrome0.3.154.3 – 0.3.154.3
• Google / Chrome0.4.154.18 – 0.4.154.18
• Google / Chrome0.4.154.22 – 0.4.154.22
• Google / Chrome0.4.154.31 – 0.4.154.31
• Google / Chrome0.4.154.33 – 0.4.154.33
• Google / Chrome1.0.154.36 – 1.0.154.36
• Google / Chrome1.0.154.39 – 1.0.154.39
• Google / Chrome1.0.154.42 – 1.0.154.42
• Google / Chrome1.0.154.43 – 1.0.154.43
• Google / Chrome1.0.154.46 – 1.0.154.46
• Google / Chrome1.0.154.48 – 1.0.154.48
• Google / Chrome1.0.154.52 – 1.0.154.52
• Google / Chrome1.0.154.53 – 1.0.154.53
• Google / Chrome1.0.154.59 – 1.0.154.59
• Google / Chrome1.0.154.65 – 1.0.154.65
• Google / Chrome2.0.156.1 – 2.0.156.1
• Google / Chrome2.0.157.0 – 2.0.157.0
• Google / Chrome2.0.157.2 – 2.0.157.2
• Google / Chrome2.0.158.0 – 2.0.158.0
• Google / Chrome2.0.159.0 – 2.0.159.0
• Google / Chrome2.0.169.0 – 2.0.169.0
• Google / Chrome2.0.169.1 – 2.0.169.1
• Google / Chrome2.0.170.0 – 2.0.170.0
• Google / Chrome2.0.172 – 2.0.172
• Google / Chrome2.0.172.2 – 2.0.172.2
• Google / Chrome2.0.172.8 – 2.0.172.8
• Google / Chrome2.0.172.27 – 2.0.172.27
• Google / Chrome2.0.172.28 – 2.0.172.28
• Google / Chrome2.0.172.30 – 2.0.172.30
• Google / Chrome2.0.172.31 – 2.0.172.31
• Google / Chrome2.0.172.33 – 2.0.172.33
• Google / Chrome2.0.172.37 – 2.0.172.37
• Google / Chrome2.0.172.38 – 2.0.172.38
• Google / Chrome3.0.182.2 – 3.0.182.2
• Google / Chrome3.0.190.2 – 3.0.190.2
• Google / Chrome3.0.193.2 – 3.0.193.2
• Google / Chrome3.0.195.21 – 3.0.195.21
• Google / Chrome3.0.195.24 – 3.0.195.24
• Google / Chrome3.0.195.32 – 3.0.195.32
• Google / Chrome3.0.195.33 – 3.0.195.33
• Google / Chrome4.0.244.0 – 4.0.244.0

References

• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:039
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14094
• MISChttp://www.securityfocus.com/bid/38177
• MISChttp://www.osvdb.org/62317
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2722
• VENDOR_ADVISORYhttp://secunia.com/advisories/43068
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1006-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/41856
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0212
• MISChttp://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/56214
• MISChttp://securitytracker.com/id?1023583
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0361
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• MISChttps://bugs.webkit.org/show_bug.cgi?id=33266
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0552
• MISChttp://trac.webkit.org/changeset/53525
• MISChttp://code.google.com/p/chromium/issues/detail?id=31692
• MISChttp://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/38545