Cross-Site Scripting Vulnerability in Google Chrome WebKit
CVE-2010-0661

Currently unrated

Key Information:

Vendor: Apple
Status: Webkit; Chrome
Vendor: CVE Published:; 18 February 2010

Summary

A vulnerability in the WebCore module of WebKit, as utilized by Google Chrome, allows remote attackers to exploit the window.open method, effectively bypassing the Same Origin Policy. This flaw can lead to unauthorized access to sensitive information or manipulation of web content, posing significant security risks to users of affected versions.

References

http://googlechromereleases.blogspot.com/2010/01/stable-c...

x_refsource_CONFIRM

http://secunia.com/advisories/43068

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2011/0212

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Feb 18, 2010
Vulnerability Reserved
Feb 18, 2010