Unrated severityNVD Advisory· Published Jan 14, 2011· Updated Apr 29, 2026

CVE-2011-0473

Description

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 mishandle CSS token sequences with CANVAS elements, leading to a stale pointer and denial of service.

Vulnerability

In Google Chrome before version 8.0.552.237 and Chrome OS before version 8.0.552.344, improper handling of Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements leads to a stale pointer. The vulnerability can be triggered remotely via unknown vectors.

Exploitation

The exact exploitation steps are not publicly disclosed. An attacker would likely craft a malicious webpage containing specific CSS token sequences and CANVAS elements to trigger the stale pointer condition. No authentication is required, and the exploit can be delivered via standard web browsing.

Impact

Successful exploitation causes a denial of service, possibly browser crash or hang. The description also notes unspecified other impact, but no additional details are available. The vulnerability does not appear to allow code execution or privilege escalation based on current information.

Mitigation

Update to Google Chrome version 8.0.552.237 or later, or Chrome OS version 8.0.552.344 or later. No workaround is available. The vulnerability was fixed in these versions.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Chrome2 versions
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <8.0.552.237
- (no CPE)range: <8.0.552.237
Google/ChromeOS2 versions
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*range: <8.0.552.344
- (no CPE)range: <8.0.552.344

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2011/01/chrome-stable-release.htmlnvdVendor Advisory
secunia.com/advisories/42951nvdThird Party Advisory
www.securityfocus.com/bid/45788nvdThird Party AdvisoryVDB Entry
www.srware.net/forum/viewtopic.phpnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/64664nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14460nvdThird Party Advisory
code.google.com/p/chromium/issues/detailnvdPermissions Required
osvdb.org/70456nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000