#VU33976 Input validation error in Google Chrome - CVE-2010-3115


Updated: 2020-08-04

Vulnerability identifier: #VU33976

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-3115

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 5.0.375.0 - 5.0.375.126


External links
https://code.google.com/p/chromium/issues/detail?id=49964
https://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
https://secunia.com/advisories/41856
https://secunia.com/advisories/43086
https://www.mandriva.com/security/advisories?name=MDVSA-2011:039
https://www.redhat.com/support/errata/RHSA-2011-0177.html
https://www.securityfocus.com/bid/44203
https://www.ubuntu.com/usn/USN-1006-1
https://www.vupen.com/english/advisories/2010/2722
https://www.vupen.com/english/advisories/2011/0216
https://www.vupen.com/english/advisories/2011/0552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

