Unrated severityNVD Advisory· Published Jan 14, 2011· Updated Apr 29, 2026

CVE-2011-0481

Description

Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Google Chrome's PDF shading before 8.0.552.237 allows remote attackers to cause denial of service or possibly execute arbitrary code.

Vulnerability

A buffer overflow vulnerability exists in the PDF shading component of Google Chrome prior to version 8.0.552.237 (and Chrome OS prior to 8.0.552.344). The flaw is triggered when processing specially crafted PDF files, leading to memory corruption. Affected versions include all Chrome releases before the fixed version [2].

Exploitation

An attacker can exploit this vulnerability by enticing a user to open a malicious PDF file in the affected browser. No additional authentication or network position is required beyond delivering the file via a web page, email attachment, or other means. The user interaction is limited to opening the PDF, which may occur automatically if the browser is configured to render PDFs inline.

Impact

Successful exploitation could allow the attacker to cause a denial of service (browser crash) or potentially achieve arbitrary code execution in the context of the browser process. The full impact is not detailed in available references, but buffer overflows in Chrome's PDF renderer have historically led to sandbox escapes when combined with other vulnerabilities.

Mitigation

Google addressed this vulnerability in Chrome 8.0.552.237 and Chrome OS 8.0.552.344. Users should update to these or later versions. No workarounds are documented; disabling the built-in PDF viewer may reduce exposure but is not a complete mitigation. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

References

About Secunia Research | Flexera

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Chrome2 versions
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <8.0.552.237
- (no CPE)range: <8.0.552.237
Google/ChromeOS2 versions
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*range: <8.0.552.344
- (no CPE)range: <8.0.552.344

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.google.com/p/chromium/issues/detailnvdExploitPatch
googlechromereleases.blogspot.com/2011/01/chrome-stable-release.htmlnvdVendor Advisory
secunia.com/advisories/42951nvdThird Party Advisory
www.securityfocus.com/bid/45788nvdThird Party AdvisoryVDB Entry
www.srware.net/forum/viewtopic.phpnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/64672nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14418nvdThird Party Advisory
osvdb.org/70464nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000