CVE-2011-0474
Description
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 mishandle CSS token sequences with cursors, causing a stale pointer that can lead to denial of service.
Vulnerability
Google Chrome before version 8.0.552.237 and Chrome OS before version 8.0.552.344 improperly handle Cascading Style Sheets (CSS) token sequences when used in conjunction with cursors. This flaw results in a stale pointer condition within the browser's rendering engine. The exact code path is not publicly detailed, but it is triggered during CSS parsing when specific token sequences are processed.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious webpage containing specially crafted CSS token sequences. No authentication or special network position is required; the victim simply needs to visit the page using an affected browser version. The stale pointer leads to memory corruption, which can cause the browser to crash or behave unexpectedly.
Impact
Successful exploitation results in a denial of service (browser crash). The official description notes the possibility of "unspecified other impact," but no further details have been disclosed. The stale pointer could potentially be leveraged for more severe consequences, though this has not been confirmed.
Mitigation
The vulnerability is fixed in Google Chrome 8.0.552.237 and Chrome OS 8.0.552.344. Users should update to these versions or later. No workarounds have been published, and the issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- code.google.com/p/chromium/issues/detailnvdExploitIssue TrackingPatchVendor Advisory
- googlechromereleases.blogspot.com/2011/01/chrome-stable-release.htmlnvdVendor Advisory
- secunia.com/advisories/42951nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2188nvdThird Party Advisory
- www.securityfocus.com/bid/45788nvdThird Party AdvisoryVDB Entry
- www.srware.net/forum/viewtopic.phpnvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/64665nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14443nvdThird Party Advisory
- osvdb.org/70457nvdBroken Link
News mentions
0No linked articles in our index yet.