CVE-2010-2295

Published: Jun 15, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 5.0.375.70

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://code.google.com/p/chromium/issues/detail?id=15766

Source: cve@mitre.org

Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/40072

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/43068

Source: cve@mitre.org

Third Party Advisory

http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066

Source: cve@mitre.org

Permissions RequiredVendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

Permissions Required

https://bugs.webkit.org/show_bug.cgi?id=26824

Source: cve@mitre.org

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=552255

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003

Source: cve@mitre.org

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=15766

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/40072

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://bugs.webkit.org/show_bug.cgi?id=26824

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=552255

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.