CVE-2010-0656
https://notcve.org/view.php?id=CVE-2010-0656
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. WebKit anterior a r51295 , usado en Google Chrome v4.0.249.78, presenta una página de listado de directorio en respuesta a un XMLHttpRequest de una URL file:// que corresponde a un directorio, lo cual permite a los atacantes obtener información sensible o posiblemente tener otro impacto no especificado a través de un documento HTML local manipulado. • http://code.google.com/p/chromium/issues/detail?id=20450 http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0663
https://notcve.org/view.php?id=CVE-2010-0663
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas. La función ParamTraits<SkBitmap>::Read en common/common_param_traits.cc en Google Chrome anterior a v4.0.249.78 no inicializa las ubicaciones de memoria que almacenan los datos de mapa de bits lo cual podría permitir a atacantes remotos obtener información potencialmente sensible de la memoria del proceso proporcionando datos insuficientes, relacionados con el uso de una base de datos (1) de miniaturas (thumbnail)o de (2) lienzo HTML. • http://code.google.com/p/chromium/issues/detail?id=31307 http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html http://securitytracker.com/id?1023506 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0556
https://notcve.org/view.php?id=CVE-2010-0556
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. browser/login/login_prompt.cc en Google Chrome anterior v4.0.249.89 con un diálogo de autenticación con credenciales que fueron almacenadas por Password Manager para sitios web diferentes, permite a servidores HTTP remotos asistidos por usuarios obtener información sensible a través de una URL que requiere autenticación, como quedó demostrado por una URL en el atributo SRC de un elemento IMG. • http://code.google.com/p/chromium/issues/detail?id=32718 http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html http://secunia.com/advisories/38545 http://securitytracker.com/id?1023583 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs http://www.osvdb.org/62319 http://www.securityfocus.com/archive/1/509543/100/0/threaded http://www.securityfocus.com/bid/38177 http://www.vsecurity.com/advisory/20100215-1.txt http:/ • CWE-255: Credentials Management Errors •
CVE-2010-0315 – Google Chrome 3.0 - Style Sheet redirection Information Disclosure
https://notcve.org/view.php?id=CVE-2010-0315
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. WebKit anterior a versión r53607, tal como es usado en Chrome de Google anterior a versión 4.0.249.89, permite a los atacantes remotos detectar la URL de destino de redireccionamiento, para la sesión de un usuario específico de un sitio web, mediante la colocación de la URL del sitio en el atributo HREF de un elemento LINK de hoja de estilos y, a continuación, leer el valor de la propiedad document.styleSheets[0].href, relacionado con un elemento IFRAME. • https://www.exploit-db.com/exploits/33562 http://code.google.com/p/chromium/issues/detail?id=32309 http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html http://secunia.com/advisories/38545 http://secunia.com/advisories/43068 http://securitytracker.com/id?1023583 http://sites.google.com/a/chromium.org/dev/ •
CVE-2009-2816
https://notcve.org/view.php?id=CVE-2009-2816
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. La implementación de Cross-Origin Resource Sharing (CORS) en WebKit, tal como es usado en Safari de Apple anterior a versión 4.0.4 y Chrome de Google anterior a versión 3.0.195.33, incluye ciertos encabezados HTTP personalizados en la petición OPTIONS durante operaciones entre orígenes con comprobación previa, lo que facilita a los atacantes remotos conducir ataques de tipo cross-site request forgery (CSRF) por medio de una página web especialmente diseñada. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/59940 http://osvdb.org/59967 http://secunia.com/advisories/37346 http://secunia.com/advisories/37358 http://secunia.com/advisories/37393 http://secunia.com/advisories/37397 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT39 • CWE-352: Cross-Site Request Forgery (CSRF) •