CVE-2010-0660: Infoleak
First published: Thu Feb 18 2010(Updated: )
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <=4.0.249.0 | |
| Google Chrome | =0.2.149.27 | |
| Google Chrome | =0.2.149.29 | |
| Google Chrome | =0.2.149.30 | |
| Google Chrome | =0.2.152.1 | |
| Google Chrome | =0.2.153.1 | |
| Google Chrome | =0.3.154.0 | |
| Google Chrome | =0.3.154.3 | |
| Google Chrome | =0.4.154.18 | |
| Google Chrome | =0.4.154.22 | |
| Google Chrome | =0.4.154.31 | |
| Google Chrome | =0.4.154.33 | |
| Google Chrome | =1.0.154.36 | |
| Google Chrome | =1.0.154.39 | |
| Google Chrome | =1.0.154.42 | |
| Google Chrome | =1.0.154.43 | |
| Google Chrome | =1.0.154.46 | |
| Google Chrome | =1.0.154.48 | |
| Google Chrome | =1.0.154.52 | |
| Google Chrome | =1.0.154.53 | |
| Google Chrome | =1.0.154.59 | |
| Google Chrome | =1.0.154.65 | |
| Google Chrome | =2.0.156.1 | |
| Google Chrome | =2.0.157.0 | |
| Google Chrome | =2.0.157.2 | |
| Google Chrome | =2.0.158.0 | |
| Google Chrome | =2.0.159.0 | |
| Google Chrome | =2.0.169.0 | |
| Google Chrome | =2.0.169.1 | |
| Google Chrome | =2.0.170.0 | |
| Google Chrome | =2.0.172 | |
| Google Chrome | =2.0.172.2 | |
| Google Chrome | =2.0.172.8 | |
| Google Chrome | =2.0.172.27 | |
| Google Chrome | =2.0.172.28 | |
| Google Chrome | =2.0.172.30 | |
| Google Chrome | =2.0.172.31 | |
| Google Chrome | =2.0.172.33 | |
| Google Chrome | =2.0.172.37 | |
| Google Chrome | =2.0.172.38 | |
| Google Chrome | =3.0.182.2 | |
| Google Chrome | =3.0.190.2 | |
| Google Chrome | =3.0.193.2-beta | |
| Google Chrome | =3.0.195.21 | |
| Google Chrome | =3.0.195.24 | |
| Google Chrome | =3.0.195.32 | |
| Google Chrome | =3.0.195.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://code.google.com/p/chromium/issues/detail?id=29920
- http://securitytracker.com/id?1023506
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14247
Frequently Asked Questions
What is the severity of CVE-2010-0660?
CVE-2010-0660 is classified as a moderate severity vulnerability due to potential exposure of sensitive information.
How do I fix CVE-2010-0660?
To fix CVE-2010-0660, users should update Google Chrome to version 4.0.249.78 or later.
What types of systems are affected by CVE-2010-0660?
CVE-2010-0660 affects various versions of Google Chrome prior to 4.0.249.78, including 0.2.x, 1.x, 2.x, and 3.x series.
What information could be exposed by CVE-2010-0660?
CVE-2010-0660 may allow remote HTTP servers to obtain potentially sensitive information from the Referer header of a request.
Is there a workaround for CVE-2010-0660?
There is no specific workaround for CVE-2010-0660; the recommended action is to update to a secure version of Google Chrome.
- agent/type
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/google
- canonical/google chrome
- version/google chrome/2.0.172.8
- version/google chrome/0.3.154.3
- version/google chrome/3.0.182.2
- version/google chrome/0.2.149.30
- version/google chrome/0.4.154.31
- version/google chrome/1.0.154.39
- version/google chrome/2.0.172.38
- version/google chrome/1.0.154.59
- version/google chrome/0.2.149.27
- version/google chrome/1.0.154.53
- version/google chrome/0.4.154.33
- version/google chrome/2.0.170.0
- version/google chrome/1.0.154.43
- version/google chrome/1.0.154.42
- version/google chrome/2.0.169.1
- version/google chrome/2.0.172.33
- version/google chrome/3.0.195.24
- version/google chrome/3.0.195.33
- version/google chrome/1.0.154.52
- version/google chrome/2.0.172.27
- version/google chrome/1.0.154.65
- version/google chrome/2.0.157.2
- version/google chrome/0.4.154.18
- version/google chrome/0.2.149.29
- version/google chrome/2.0.157.0
- version/google chrome/0.2.152.1
- version/google chrome/0.3.154.0
- version/google chrome/4.0.249.0
- version/google chrome/0.2.153.1
- version/google chrome/2.0.172.2
- version/google chrome/3.0.195.21
- version/google chrome/2.0.169.0
- version/google chrome/1.0.154.36
- version/google chrome/2.0.172
- version/google chrome/2.0.172.30
- version/google chrome/3.0.193.2-beta
- version/google chrome/2.0.156.1
- version/google chrome/3.0.195.32
- version/google chrome/1.0.154.46
- version/google chrome/3.0.190.2
- version/google chrome/0.4.154.22
- version/google chrome/2.0.159.0
- version/google chrome/2.0.158.0
- version/google chrome/2.0.172.28
- version/google chrome/2.0.172.31
- version/google chrome/1.0.154.48
- version/google chrome/2.0.172.37