CVE-2010-0556 - Credentials Management vulnerability in Google Chrome
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
Nessus
NASL family | Windows |
NASL id | GOOGLE_CHROME_4_0_249_89.NASL |
description | The version of Google Chrome installed on the remote host is earlier than 4.0.249.89. Such versions are reportedly affected by multiple vulnerabilities : - Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose sensitive data. (Issue #12303, #22914) - Multiple integer overflows in the V8 engine. (Issue #31009) - An unspecified error when processing the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44587 |
published | 2010-02-11 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44587 |
title | Google Chrome < 4.0.249.89 Multiple Vulnerabilities |
Oval
accepted | 2014-04-07T04:01:13.874-04:00 |
class | vulnerability |
description | browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. |
family | windows |
id | oval:org.mitre.oval:def:14407 |
status | accepted |
submitted | 2011-11-25T18:05:22.000-05:00 |
title | browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. |
version | 52 |
References
- http://code.google.com/p/chromium/issues/detail?id=32718
- http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
- http://secunia.com/advisories/38545
- http://securitytracker.com/id?1023583
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://www.osvdb.org/62319
- http://www.securityfocus.com/archive/1/509543/100/0/threaded
- http://www.securityfocus.com/bid/38177
- http://www.vsecurity.com/advisory/20100215-1.txt
- http://www.vupen.com/english/advisories/2010/0361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14407