CVE-2010-2295

EPSS 1.18%
Published 15.06.2010 18:00:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610.  NOTE: this might overlap CVE-2010-1422.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 5.0.375.70

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.18%	0.768

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Third Party Advisory

http://secunia.com/advisories/43068

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=552255

Third Party Advisory

Issue Tracking

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Vendor Advisory

http://secunia.com/advisories/40072