Unrated severityNVD Advisory· Published Dec 22, 2010· Updated Apr 29, 2026

CVE-2010-4578

Description

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper cursor handling in Google Chrome before 8.0.552.224 allows remote attackers to cause denial of service or execute arbitrary code via stale pointers.

Vulnerability

Google Chrome before version 8.0.552.224 and Chrome OS before 8.0.552.343 contain a vulnerability in cursor handling that leads to stale pointers [1]. The exact code path is triggered by unknown vectors, but the issue resides in the browser's cursor management logic.

Exploitation

An attacker must trick a user into performing a set of UI actions (e.g., clicking or interacting with a specially crafted web page) to trigger the stale pointer condition [1]. The specific sequence of actions is not publicly detailed, but the vulnerability is reachable via remote vectors without authentication.

Impact

Successful exploitation can cause a denial of service (browser crash) or potentially allow arbitrary code execution within the browser's sandbox [1]. The reference also notes the possibility of other unspecified impacts, though the primary outcome is a crash or code execution.

Mitigation

Users should upgrade to Google Chrome version 8.0.552.224 or later, or Chrome OS version 8.0.552.343 or later [1]. No workaround is available for unpatched versions.

References

Multiple vulnerabilities (GLSA 201012-01) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Chrome2 versions
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <8.0.552.224
- (no CPE)range: < 8.0.552.224
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Google/ChromeOS2 versions
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*range: <8.0.552.343
- (no CPE)range: < 8.0.552.343

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/42648nvdVendor Advisory
www.debian.org/security/2011/dsa-2188nvdThird Party Advisory
www.gentoo.org/security/en/glsa/glsa-201012-01.xmlnvdThird Party Advisory
www.securityfocus.com/bid/45390nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14323nvdThird Party Advisory
code.google.com/p/chromium/issues/detailnvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000