Unrated severityNVD Advisory· Published Nov 12, 2009· Updated Apr 23, 2026

CVE-2009-3933

Description

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

Affected products

Webkit/Webkit
cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:*
Range: <=r50173

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codereview.chromium.org/339039nvdPatch
googlechromereleases.blogspot.com/2009/11/stable-channel-update.htmlnvdVendor Advisory
code.google.com/p/chromium/issues/detailnvd
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
secunia.com/advisories/43068nvd
src.chromium.org/viewvc/chrome/branches/195/src/webkit/webkit.gypnvd
src.chromium.org/viewvc/chromenvd
trac.webkit.org/changeset/50173nvd
www.osvdb.org/59745nvd
www.vupen.com/english/advisories/2011/0212nvd
bugs.webkit.org/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/54297nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000