Unrated severity · NVD Advisory · Published Dec 22, 2010 · Updated Apr 29, 2026

CVE-2010-4575

Description

The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted extension can crash Google Chrome or Chrome OS by triggering improper tab interaction handling in the ThemeInstalledInfoBarDelegate.

Vulnerability

The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc does not properly handle incorrect tab interaction by an extension. This flaw exists in Google Chrome versions before 8.0.552.224 and Chrome OS versions before 8.0.552.343 [1]. The vulnerability is reachable when a user installs a crafted extension that interacts with browser tabs in an unexpected manner.

Exploitation

An attacker must first convince a user to install a malicious extension. The user then needs to perform a specific set of UI actions involving tab interaction, as triggered by the extension [1]. The exact sequence of actions is not publicly detailed, but the extension's code can cause the Observe function to mishandle the tab interaction, leading to a crash.

Impact

Successful exploitation results in a denial of service (application crash) of the browser or Chrome OS [1]. While the official CVE description only confirms a crash, the Gentoo advisory notes that similar vulnerabilities in the same release may allow arbitrary code execution within the sandbox [1]. However, for this specific CVE, the impact is limited to a denial of service.

Mitigation

Users should upgrade to Google Chrome 8.0.552.224 or later, or Chrome OS 8.0.552.343 or later [1]. The Gentoo Linux advisory provides the command emerge --sync && emerge --ask --oneshot --verbose ">=www-client/chromium-8.0.552.224" for Chromium users [1]. No workaround is available.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Google/Chrome (2 versions)
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* (range: <8.0.552.224)
    • (no CPE) (range: <8.0.552.224)
  • Google/ChromeOS (2 versions)
    • cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* (range: <8.0.552.343)
    • (no CPE) (range: <8.0.552.343)

Patches

0

No patches discovered yet.

References

7
