Unrated severityNVD Advisory· Published Jan 14, 2011· Updated Apr 29, 2026

CVE-2011-0470

Description

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper handling of extension notification in Chrome before 8.0.552.237 allows remote attackers to cause denial of service via unspecified vectors.

Vulnerability

Google Chrome before version 8.0.552.237 and Chrome OS before 8.0.552.344 improperly handle extensions notification. The vulnerability resides in the notification subsystem for browser extensions, allowing a remote attacker to trigger an application crash (denial of service) through unspecified vectors. The affected versions are Chrome < 8.0.552.237 and Chrome OS < 8.0.552.344 [1].

Exploitation

An attacker requires network access to the target system. No authentication is needed. The exploit is triggered by sending specially crafted data to the extension notification system. The exact sequence is not disclosed in available references, but the attack is remote and does not require user interaction beyond normal browsing.

Impact

Successful exploitation causes a denial of service condition by crashing the browser application. This disrupts user sessions and productivity, but does not result in data loss, code execution, or privilege escalation [1].

Mitigation

Upgrade to Google Chrome version 8.0.552.237 or later, or Chrome OS version 8.0.552.344 or later. The fix was included in the stable channel release on January 14, 2011. No workarounds are documented; applying the update is the only mitigation [1].

References

New Iron-Version: 8.0.555.1 Stable for Windows

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Chrome2 versions
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <8.0.552.237
- (no CPE)range: <8.0.552.237
Google/ChromeOS2 versions
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*range: <8.0.552.344
- (no CPE)range: <8.0.552.344

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.google.com/p/chromium/issues/detailnvdExploitIssue TrackingVendor Advisory
googlechromereleases.blogspot.com/2011/01/chrome-stable-release.htmlnvdVendor Advisory
secunia.com/advisories/42951nvdThird Party Advisory
www.securityfocus.com/bid/45788nvdThird Party AdvisoryVDB Entry
www.srware.net/forum/viewtopic.phpnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/64661nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14366nvdThird Party Advisory
osvdb.org/70453nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000