4.3

CVE-2010-2295

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610.  NOTE: this might overlap CVE-2010-1422.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 5.0.375.70
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.39% 0.687
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Third Party Advisory
http://secunia.com/advisories/43068
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=552255
Third Party Advisory
Issue Tracking
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Vendor Advisory
http://secunia.com/advisories/40072
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=15766
Vendor Advisory
http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066
Vendor Advisory
Permissions Required
https://bugs.webkit.org/show_bug.cgi?id=26824
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003
Third Party Advisory