VYPR
Unrated severity · NVD Advisory · Published Jan 14, 2011 · Updated Apr 29, 2026

CVE-2011-0478

Description

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 mishandle SVG use elements, leading to a stale pointer that can cause denial of service or other unspecified impact.

Vulnerability

Google Chrome versions prior to 8.0.552.237 and Chrome OS versions prior to 8.0.552.344 contain a vulnerability in the handling of SVG use elements. Improper memory management leads to a stale pointer when processing crafted SVG content, allowing an attacker to trigger a denial of service or potentially other unspecified consequences.

Exploitation

An attacker can exploit this vulnerability by convincing a user to visit a specially crafted web page containing malicious SVG use elements. No additional authentication or network position beyond standard web access is required. The exact exploitation steps are not publicly detailed, but the vulnerability is triggered through the browser's SVG rendering engine.

Impact

Successful exploitation results in a denial of service, likely through a browser crash or hang. The description also notes the possibility of "unspecified other impact," which could include arbitrary code execution, though this is not confirmed.

Mitigation

The vulnerability is fixed in Google Chrome version 8.0.552.237 and Chrome OS version 8.0.552.344. Users should update to these or later versions. No workarounds are documented. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Google/Chrome (2 versions)
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* (range: <8.0.552.237)
    • (no CPE) (range: <8.0.552.237)
  • Google/ChromeOS (2 versions)
    • cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* (range: <8.0.552.344)
    • (no CPE) (range: <8.0.552.344)

Patches

0

No patches discovered yet.

References

8
