4.3

CVE-2010-0556

browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version <= 4.0.249.78
GoogleChrome Version0.2.149.27
GoogleChrome Version0.2.149.29
GoogleChrome Version0.2.149.30
GoogleChrome Version0.2.152.1
GoogleChrome Version0.2.153.1
GoogleChrome Version0.3.154.0
GoogleChrome Version0.3.154.3
GoogleChrome Version0.4.154.18
GoogleChrome Version0.4.154.22
GoogleChrome Version0.4.154.31
GoogleChrome Version0.4.154.33
GoogleChrome Version1.0.154.36
GoogleChrome Version1.0.154.39
GoogleChrome Version1.0.154.42
GoogleChrome Version1.0.154.43
GoogleChrome Version1.0.154.46
GoogleChrome Version1.0.154.48
GoogleChrome Version1.0.154.52
GoogleChrome Version1.0.154.53
GoogleChrome Version1.0.154.59
GoogleChrome Version1.0.154.65
GoogleChrome Version2.0.156.1
GoogleChrome Version2.0.157.0
GoogleChrome Version2.0.157.2
GoogleChrome Version2.0.158.0
GoogleChrome Version2.0.159.0
GoogleChrome Version2.0.169.0
GoogleChrome Version2.0.169.1
GoogleChrome Version2.0.170.0
GoogleChrome Version2.0.172
GoogleChrome Version2.0.172.2
GoogleChrome Version2.0.172.8
GoogleChrome Version2.0.172.27
GoogleChrome Version2.0.172.28
GoogleChrome Version2.0.172.30
GoogleChrome Version2.0.172.31
GoogleChrome Version2.0.172.33
GoogleChrome Version2.0.172.37
GoogleChrome Version2.0.172.38
GoogleChrome Version3.0.182.2
GoogleChrome Version3.0.190.2
GoogleChrome Version3.0.193.2 Updatebeta
GoogleChrome Version3.0.195.21
GoogleChrome Version3.0.195.24
GoogleChrome Version3.0.195.32
GoogleChrome Version3.0.195.33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.05% 0.598
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
Patch
http://secunia.com/advisories/38545
Vendor Advisory
http://securitytracker.com/id?1023583
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
Vendor Advisory
http://www.securityfocus.com/bid/38177
http://www.vupen.com/english/advisories/2010/0361
Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=32718
http://www.osvdb.org/62319
http://www.securityfocus.com/archive/1/509543/100/0/threaded
http://www.vsecurity.com/advisory/20100215-1.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/56216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14407