CVE-2010-0643: Infoleak
First published: Thu Feb 18 2010(Updated: )
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | =2.0.172.8 | |
| Google Chrome (Trace Event) | =0.3.154.3 | |
| Google Chrome (Trace Event) | =3.0.182.2 | |
| Google Chrome (Trace Event) | =0.2.149.30 | |
| Google Chrome (Trace Event) | =0.4.154.31 | |
| Google Chrome (Trace Event) | =1.0.154.39 | |
| Google Chrome (Trace Event) | =2.0.172.38 | |
| Google Chrome (Trace Event) | =1.0.154.59 | |
| Google Chrome (Trace Event) | =0.2.149.27 | |
| Google Chrome (Trace Event) | =1.0.154.53 | |
| Google Chrome (Trace Event) | =0.4.154.33 | |
| Google Chrome (Trace Event) | =2.0.170.0 | |
| Google Chrome (Trace Event) | =1.0.154.43 | |
| Google Chrome (Trace Event) | =1.0.154.42 | |
| Google Chrome (Trace Event) | =2.0.169.1 | |
| Google Chrome (Trace Event) | =2.0.172.33 | |
| Google Chrome (Trace Event) | =3.0.195.24 | |
| Google Chrome (Trace Event) | =3.0.195.33 | |
| Google Chrome (Trace Event) | =1.0.154.52 | |
| Google Chrome (Trace Event) | =2.0.172.27 | |
| Google Chrome (Trace Event) | =1.0.154.65 | |
| Google Chrome (Trace Event) | =2.0.157.2 | |
| Google Chrome (Trace Event) | =0.4.154.18 | |
| Google Chrome (Trace Event) | =0.2.149.29 | |
| Google Chrome (Trace Event) | =2.0.157.0 | |
| Google Chrome (Trace Event) | =0.2.152.1 | |
| Google Chrome (Trace Event) | =0.3.154.0 | |
| Google Chrome (Trace Event) | <=4.0.249.78 | |
| Google Chrome (Trace Event) | =0.2.153.1 | |
| Google Chrome (Trace Event) | =2.0.172.2 | |
| Google Chrome (Trace Event) | =3.0.195.21 | |
| Google Chrome (Trace Event) | =2.0.169.0 | |
| Google Chrome (Trace Event) | =1.0.154.36 | |
| Google Chrome (Trace Event) | =2.0.172 | |
| Google Chrome (Trace Event) | =2.0.172.30 | |
| Google Chrome (Trace Event) | =3.0.193.2-beta | |
| Google Chrome (Trace Event) | =2.0.156.1 | |
| Google Chrome (Trace Event) | =3.0.195.32 | |
| Google Chrome (Trace Event) | =1.0.154.46 | |
| Google Chrome (Trace Event) | =3.0.190.2 | |
| Google Chrome (Trace Event) | =0.4.154.22 | |
| Google Chrome (Trace Event) | =2.0.159.0 | |
| Google Chrome (Trace Event) | =2.0.158.0 | |
| Google Chrome (Trace Event) | =2.0.172.28 | |
| Google Chrome (Trace Event) | =2.0.172.31 | |
| Google Chrome (Trace Event) | =1.0.154.48 | |
| Google Chrome (Trace Event) | =2.0.172.37 | |
| Google Chrome | <=4.0.249.78 | |
| Google Chrome | =0.2.149.27 | |
| Google Chrome | =0.2.149.29 | |
| Google Chrome | =0.2.149.30 | |
| Google Chrome | =0.2.152.1 | |
| Google Chrome | =0.2.153.1 | |
| Google Chrome | =0.3.154.0 | |
| Google Chrome | =0.3.154.3 | |
| Google Chrome | =0.4.154.18 | |
| Google Chrome | =0.4.154.22 | |
| Google Chrome | =0.4.154.31 | |
| Google Chrome | =0.4.154.33 | |
| Google Chrome | =1.0.154.36 | |
| Google Chrome | =1.0.154.39 | |
| Google Chrome | =1.0.154.42 | |
| Google Chrome | =1.0.154.43 | |
| Google Chrome | =1.0.154.46 | |
| Google Chrome | =1.0.154.48 | |
| Google Chrome | =1.0.154.52 | |
| Google Chrome | =1.0.154.53 | |
| Google Chrome | =1.0.154.59 | |
| Google Chrome | =1.0.154.65 | |
| Google Chrome | =2.0.156.1 | |
| Google Chrome | =2.0.157.0 | |
| Google Chrome | =2.0.157.2 | |
| Google Chrome | =2.0.158.0 | |
| Google Chrome | =2.0.159.0 | |
| Google Chrome | =2.0.169.0 | |
| Google Chrome | =2.0.169.1 | |
| Google Chrome | =2.0.170.0 | |
| Google Chrome | =2.0.172 | |
| Google Chrome | =2.0.172.2 | |
| Google Chrome | =2.0.172.8 | |
| Google Chrome | =2.0.172.27 | |
| Google Chrome | =2.0.172.28 | |
| Google Chrome | =2.0.172.30 | |
| Google Chrome | =2.0.172.31 | |
| Google Chrome | =2.0.172.33 | |
| Google Chrome | =2.0.172.37 | |
| Google Chrome | =2.0.172.38 | |
| Google Chrome | =3.0.182.2 | |
| Google Chrome | =3.0.190.2 | |
| Google Chrome | =3.0.193.2-beta | |
| Google Chrome | =3.0.195.21 | |
| Google Chrome | =3.0.195.24 | |
| Google Chrome | =3.0.195.32 | |
| Google Chrome | =3.0.195.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=12303
- http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
- http://secunia.com/advisories/38545
- http://securitytracker.com/id?1023583
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://www.osvdb.org/62315
- http://www.securityfocus.com/bid/38177
- http://www.vupen.com/english/advisories/2010/0361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56212
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14500
Frequently Asked Questions
What is the severity of CVE-2010-0643?
CVE-2010-0643 has been rated as a medium severity vulnerability.
How do I fix CVE-2010-0643?
To fix CVE-2010-0643, upgrade to Google Chrome version 4.0.249.89 or later.
What type of information can be leaked due to CVE-2010-0643?
CVE-2010-0643 can potentially expose sensitive information about the identity of a client user.
Which versions of Google Chrome are affected by CVE-2010-0643?
All versions of Google Chrome before 4.0.249.89 are affected by CVE-2010-0643.
How does CVE-2010-0643 work?
CVE-2010-0643 allows remote HTTP servers to log connections made directly by Chrome when proxy servers are unavailable.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/2.0.172.8
- version/google chrome (trace event)/0.3.154.3
- version/google chrome (trace event)/3.0.182.2
- version/google chrome (trace event)/0.2.149.30
- version/google chrome (trace event)/0.4.154.31
- version/google chrome (trace event)/1.0.154.39
- version/google chrome (trace event)/2.0.172.38
- version/google chrome (trace event)/1.0.154.59
- version/google chrome (trace event)/0.2.149.27
- version/google chrome (trace event)/1.0.154.53
- version/google chrome (trace event)/0.4.154.33
- version/google chrome (trace event)/2.0.170.0
- version/google chrome (trace event)/1.0.154.43
- version/google chrome (trace event)/1.0.154.42
- version/google chrome (trace event)/2.0.169.1
- version/google chrome (trace event)/2.0.172.33
- version/google chrome (trace event)/3.0.195.24
- version/google chrome (trace event)/3.0.195.33
- version/google chrome (trace event)/1.0.154.52
- version/google chrome (trace event)/2.0.172.27
- version/google chrome (trace event)/1.0.154.65
- version/google chrome (trace event)/2.0.157.2
- version/google chrome (trace event)/0.4.154.18
- version/google chrome (trace event)/0.2.149.29
- version/google chrome (trace event)/2.0.157.0
- version/google chrome (trace event)/0.2.152.1
- version/google chrome (trace event)/0.3.154.0
- version/google chrome (trace event)/4.0.249.78
- version/google chrome (trace event)/0.2.153.1
- version/google chrome (trace event)/2.0.172.2
- version/google chrome (trace event)/3.0.195.21
- version/google chrome (trace event)/2.0.169.0
- version/google chrome (trace event)/1.0.154.36
- version/google chrome (trace event)/2.0.172
- version/google chrome (trace event)/2.0.172.30
- version/google chrome (trace event)/3.0.193.2-beta
- version/google chrome (trace event)/2.0.156.1
- version/google chrome (trace event)/3.0.195.32
- version/google chrome (trace event)/1.0.154.46
- version/google chrome (trace event)/3.0.190.2
- version/google chrome (trace event)/0.4.154.22
- version/google chrome (trace event)/2.0.159.0
- version/google chrome (trace event)/2.0.158.0
- version/google chrome (trace event)/2.0.172.28
- version/google chrome (trace event)/2.0.172.31
- version/google chrome (trace event)/1.0.154.48
- version/google chrome (trace event)/2.0.172.37
- canonical/google chrome
- version/google chrome/4.0.249.78
- version/google chrome/0.2.149.27
- version/google chrome/0.2.149.29
- version/google chrome/0.2.149.30
- version/google chrome/0.2.152.1
- version/google chrome/0.2.153.1
- version/google chrome/0.3.154.0
- version/google chrome/0.3.154.3
- version/google chrome/0.4.154.18
- version/google chrome/0.4.154.22
- version/google chrome/0.4.154.31
- version/google chrome/0.4.154.33
- version/google chrome/1.0.154.36
- version/google chrome/1.0.154.39
- version/google chrome/1.0.154.42
- version/google chrome/1.0.154.43
- version/google chrome/1.0.154.46
- version/google chrome/1.0.154.48
- version/google chrome/1.0.154.52
- version/google chrome/1.0.154.53
- version/google chrome/1.0.154.59
- version/google chrome/1.0.154.65
- version/google chrome/2.0.156.1
- version/google chrome/2.0.157.0
- version/google chrome/2.0.157.2
- version/google chrome/2.0.158.0
- version/google chrome/2.0.159.0
- version/google chrome/2.0.169.0
- version/google chrome/2.0.169.1
- version/google chrome/2.0.170.0
- version/google chrome/2.0.172
- version/google chrome/2.0.172.2
- version/google chrome/2.0.172.8
- version/google chrome/2.0.172.27
- version/google chrome/2.0.172.28
- version/google chrome/2.0.172.30
- version/google chrome/2.0.172.31
- version/google chrome/2.0.172.33
- version/google chrome/2.0.172.37
- version/google chrome/2.0.172.38
- version/google chrome/3.0.182.2
- version/google chrome/3.0.190.2
- version/google chrome/3.0.193.2-beta
- version/google chrome/3.0.195.21
- version/google chrome/3.0.195.24
- version/google chrome/3.0.195.32
- version/google chrome/3.0.195.33