CVE-2009-2935

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

Published: Aug 27, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-2935
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
google / chrome	0.3.154.3	0.3.154.3.x
google / chrome	0.2.149.30	0.2.149.30.x
google / chrome	0.4.154.31	0.4.154.31.x
google / chrome	1.0.154.39	1.0.154.39.x
google / chrome	1.0.154.59	1.0.154.59.x
google / chrome	0.2.149.27	0.2.149.27.x
google / chrome	1.0.154.53	1.0.154.53.x
google / chrome	0.4.154.33	0.4.154.33.x
google / chrome	1.0.154.43	1.0.154.43.x
google / chrome	1.0.154.42	1.0.154.42.x
google / chrome	2.0.172.33	2.0.172.33.x
google / chrome	1.0.154.52	1.0.154.52.x
google / chrome	2.0.157.2	2.0.157.2.x
google / chrome	0.4.154.18	0.4.154.18.x
google / chrome	0.2.149.29	0.2.149.29.x
google / chrome	2.0.157.0	2.0.157.0.x
google / chrome	0.2.152.1	0.2.152.1.x
google / chrome	0.3.154.0	0.3.154.0.x
google / chrome	0.2.153.1	0.2.153.1.x
google / chrome	1.0.154.36	1.0.154.36.x
google / chrome	2.0.172	2.0.172.x
google / chrome	-	2.0.172.37.x
google / chrome	2.0.172.30	2.0.172.30.x
google / chrome	2.0.156.1	2.0.156.1.x
google / chrome	1.0.154.46	1.0.154.46.x
google / chrome	0.4.154.22	0.4.154.22.x
google / chrome	2.0.159.0	2.0.159.0.x
google / chrome	2.0.158.0	2.0.158.0.x
google / chrome	2.0.172.31	2.0.172.31.x
google / chrome	1.0.154.48	1.0.154.48.x

Vulnerability Database

309,961

CVE-2009-2935

Deep Security Visibility Without the Complexity