WebKit Directory Listing Vulnerability in Google Chrome
CVE-2010-0656

Currently unrated

Key Information:

Vendor: Apple
Status: Webkit; Chrome
Vendor: CVE Published:; 18 February 2010

Summary

This vulnerability allows attackers to exploit WebKit in Google Chrome to present a directory-listing page in response to an XMLHttpRequest aimed at a file:/// URL that corresponds to a directory. By crafting a local HTML document, attackers may gain access to sensitive information or potentially cause other unspecified impacts.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://googlechromereleases.blogspot.com/2010/01/stable-c...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/2722

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Feb 18, 2010
Vulnerability Reserved
Feb 18, 2010