Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Google Chrome 2.0.169.1
Google Chrome 0.4.154.31
Google Chrome 1.0.154.53
Google Chrome 2.0.172.33
Google Chrome 1.0.154.59
Google Chrome 2.0.172.30
Google Chrome 1.0.154.39
Google Chrome 3.0.182.2
Google Chrome 0.4.154.18
Google Chrome 1.0.154.36
Google Chrome 2.0.172.31
Google Chrome 3.0.195.24
Google Chrome 3.0.195.21
Google Chrome 0.2.149.29
Google Chrome 2.0.172.38
Google Chrome 2.0.172.37
Google Chrome 0.2.149.27
Google Chrome 3.0.193.2:beta
Google Chrome 2.0.158.0
Google Chrome 0.4.154.22
Google Chrome 2.0.159.0
Google Chrome 2.0.157.2
Google Chrome 0.2.152.1
Google Chrome 2.0.170.0
Google Chrome 2.0.156.1
Google Chrome 2.0.157.0
Google Chrome 1.0.154.42
Google Chrome 2.0.172.8
Google Chrome 0.2.153.1
Google Chrome 2.0.172.2
Google Chrome 3.0.195.33
Google Chrome 1.0.154.46
Google Chrome 1.0.154.43
Google Chrome 1.0.154.65
Google Chrome 2.0.172
Google Chrome 0.3.154.0
Google Chrome 0.3.154.3
Google Chrome 1.0.154.48
Google Chrome 4.0.249.0
Google Chrome 3.0.190.2
Google Chrome 0.2.149.30
Google Chrome 0.4.154.33
Google Chrome 1.0.154.52
Google Chrome 2.0.169.0
Google Chrome 2.0.172.28
Google Chrome 2.0.172.27
Google Chrome 3.0.195.32
Google Chrome 4.0.244.0