Computer Security

Google Chrome information leak
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Google Chrome information leak
Published:16.02.2010
Source:BUGTRAQ
SecurityVulns ID:10624
Type:client
Level:3/10
Description:Password manager allows username/password from external source to be automatically filled.
Affected:GOOGLE : Chrome 3.0
 GOOGLE : Chrome 4.0
CVE:CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.)
Original documentdocumentVSR Advisories, Chrome Password Manager Cross Origin Weakness (CVE-2010-0556) (16.02.2010)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru