CVE-2010-0643

high

Description

Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14500

https://exchange.xforce.ibmcloud.com/vulnerabilities/56212

http://www.vupen.com/english/advisories/2010/0361

http://www.securityfocus.com/bid/38177

http://www.osvdb.org/62315

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

http://securitytracker.com/id?1023583

http://secunia.com/advisories/38545

http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

http://code.google.com/p/chromium/issues/detail?id=12303

Details

Source: Mitre, NVD

Published: 2010-02-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High