#VU45329 Resource exhaustion in Google Chrome - CVE-2011-0985

Cybersecurity Help s.r.o.

Published: 2011-02-10 | Updated: 2020-08-11

Vulnerability identifier: #VU45329

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0985

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Google Chrome: 9.0.597.0 - 9.0.597.92

External links
https://code.google.com/p/chromium/issues/detail?id=70456
https://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
https://secunia.com/advisories/43342
https://secunia.com/advisories/43368
https://www.debian.org/security/2011/dsa-2166
https://www.securityfocus.com/bid/46262
https://www.srware.net/forum/viewtopic.php?f=18&t=2190
https://www.vupen.com/english/advisories/2011/0408
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Techland Chrome