CVE-2010-3115

high

Description

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953

http://www.vupen.com/english/advisories/2011/0552

http://www.vupen.com/english/advisories/2011/0216

http://www.vupen.com/english/advisories/2010/2722

http://www.ubuntu.com/usn/USN-1006-1

http://www.securityfocus.com/bid/44203

http://www.redhat.com/support/errata/RHSA-2011-0177.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

http://secunia.com/advisories/43086

http://secunia.com/advisories/41856

http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

Details

Source: Mitre, NVD

Published: 2010-08-24

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics