CVE-2010-3118

Published: Aug 24, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 5.0.375.127

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://code.google.com/p/chromium/issues/detail?id=51146

Source: cve@mitre.org

ExploitIssue TrackingPatchVendor Advisory

http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

Source: cve@mitre.org

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839

Source: cve@mitre.org

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=51146

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.