CVE-2010-3729

moderate-risk
Published 2010-10-05

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

Do I need to act?

~
4.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Google

References (6)

Exploit http://code.google.com/p/chromium/issues/detail?id=55119
Release Notes http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17....
Third Party Advisory https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Exploit http://code.google.com/p/chromium/issues/detail?id=55119
Release Notes http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17....
Third Party Advisory https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal