Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3115

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

Published

2010-08-24T20:00:02.410

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	< 5.0.375.127	Yes
Application	webkitgtk	webkitgtk	< 1.2.6	Yes
Operating System	canonical	ubuntu_linux	9.10	Yes
Operating System	canonical	ubuntu_linux	10.04	Yes
Operating System	canonical	ubuntu_linux	10.10	Yes

References

http://code.google.com/p/chromium/issues/detail?id=49964 Exploit, Patch, Vendor Advisory ([email protected])
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html Vendor Advisory ([email protected])
http://secunia.com/advisories/41856 Third Party Advisory ([email protected])
http://secunia.com/advisories/43086 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0177.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/44203 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-1006-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/2722 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0216 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0552 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953 Third Party Advisory ([email protected])
http://code.google.com/p/chromium/issues/detail?id=49964 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41856 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43086 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0177.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44203 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1006-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2722 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0552 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)