CVE-2010-0315

Published: Jan 14, 2010Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Affected (47)

Products: Google: Chrome

1 product

Configuration A

47 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 4.0.249.78
Google Chrome	Version 0.2.149.27
Google Chrome	Version 0.2.149.29
Google Chrome	Version 0.2.149.30
Google Chrome	Version 0.2.152.1
Google Chrome	Version 0.2.153.1
Google Chrome	Version 0.3.154.0
Google Chrome	Version 0.3.154.3
Google Chrome	Version 0.4.154.18
Google Chrome	Version 0.4.154.22
Google Chrome	Version 0.4.154.31
Google Chrome	Version 0.4.154.33
Google Chrome	Version 1.0.154.36
Google Chrome	Version 1.0.154.39
Google Chrome	Version 1.0.154.42
Google Chrome	Version 1.0.154.43
Google Chrome	Version 1.0.154.46
Google Chrome	Version 1.0.154.48
Google Chrome	Version 1.0.154.52
Google Chrome	Version 1.0.154.53
Google Chrome	Version 1.0.154.59
Google Chrome	Version 1.0.154.65
Google Chrome	Version 2.0.156.1
Google Chrome	Version 2.0.157.0
Google Chrome	Version 2.0.157.2
Google Chrome	Version 2.0.158.0
Google Chrome	Version 2.0.159.0
Google Chrome	Version 2.0.169.0
Google Chrome	Version 2.0.169.1
Google Chrome	Version 2.0.170.0
Google Chrome	Version 2.0.172.27
Google Chrome	Version 2.0.172.28
Google Chrome	Version 2.0.172.2
Google Chrome	Version 2.0.172.30
Google Chrome	Version 2.0.172.31
Google Chrome	Version 2.0.172.33
Google Chrome	Version 2.0.172.37
Google Chrome	Version 2.0.172.38
Google Chrome	Version 2.0.172.8
Google Chrome	Version 2.0.172
Google Chrome	Version 3.0.182.2
Google Chrome	Version 3.0.190.2
Google Chrome	Version 3.0.193.2 beta
Google Chrome	Version 3.0.195.21
Google Chrome	Version 3.0.195.24
Google Chrome	Version 3.0.195.32
Google Chrome	Version 3.0.195.33

References (32)

http://code.google.com/p/chromium/issues/detail?id=32309

Source: cve@mitre.org

http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/38545

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/43068

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1023583

Source: cve@mitre.org

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Source: cve@mitre.org

http://trac.webkit.org/changeset/53607

Source: cve@mitre.org

http://www.securityfocus.com/bid/38177

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/0361

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

Vendor Advisory

https://bugs.webkit.org/show_bug.cgi?id=33683

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/55683

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/56215

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452

Source: cve@mitre.org

http://code.google.com/p/chromium/issues/detail?id=32309

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/38545

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1023583

Source: af854a3a-2127-422b-91ae-364da2661108

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Source: af854a3a-2127-422b-91ae-364da2661108

http://trac.webkit.org/changeset/53607

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38177

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/0361

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.webkit.org/show_bug.cgi?id=33683

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/55683

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/56215

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.