CVE-2009-3933

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
12/11/2009
Last modified:
09/04/2025

Description

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:* r50173 (including)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 3.0.195.24 (including)
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*