CVE-2009-3934

Published: Nov 12, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.

Affected (43)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

43 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 3.0.195.21
Google Chrome	Version 0.2.149.27
Google Chrome	Version 0.2.149.29
Google Chrome	Version 0.2.149.30
Google Chrome	Version 0.2.152.1
Google Chrome	Version 0.2.153.1
Google Chrome	Version 0.3.154.0
Google Chrome	Version 0.3.154.3
Google Chrome	Version 0.4.154.18
Google Chrome	Version 0.4.154.22
Google Chrome	Version 0.4.154.31
Google Chrome	Version 0.4.154.33
Google Chrome	Version 1.0.154.36
Google Chrome	Version 1.0.154.39
Google Chrome	Version 1.0.154.42
Google Chrome	Version 1.0.154.43
Google Chrome	Version 1.0.154.46
Google Chrome	Version 1.0.154.48
Google Chrome	Version 1.0.154.52
Google Chrome	Version 1.0.154.53
Google Chrome	Version 1.0.154.59
Google Chrome	Version 1.0.154.65
Google Chrome	Version 2.0.156.1
Google Chrome	Version 2.0.157.0
Google Chrome	Version 2.0.157.2
Google Chrome	Version 2.0.158.0
Google Chrome	Version 2.0.159.0
Google Chrome	Version 2.0.169.0
Google Chrome	Version 2.0.169.1
Google Chrome	Version 2.0.170.0
Google Chrome	Version 2.0.172.27
Google Chrome	Version 2.0.172.28
Google Chrome	Version 2.0.172.2
Google Chrome	Version 2.0.172.30
Google Chrome	Version 2.0.172.31
Google Chrome	Version 2.0.172.33
Google Chrome	Version 2.0.172.37
Google Chrome	Version 2.0.172.38
Google Chrome	Version 2.0.172.8
Google Chrome	Version 2.0.172
Google Chrome	Version 3.0.182.2
Google Chrome	Version 3.0.190.2
Google Chrome	Version 3.0.193.2 beta