Computer Security
[EN] securityvulns.ru no-pyccku


Google Chrome information leak
Published:16.02.2010
Source:
SecurityVulns ID:10624
Type:client
Threat Level:
3/10
Description:Password manager allows username/password from external source to be automatically filled.
Affected:GOOGLE : Chrome 3.0
 GOOGLE : Chrome 4.0
CVE:CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.)
Original documentdocumentVSR Advisories, Chrome Password Manager Cross Origin Weakness (CVE-2010-0556) (16.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod