CVE-2010-3118

The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=51146	Exploit Issue Tracking Patch Vendor Advisory
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839	Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=51146	Exploit Issue Tracking Patch Vendor Advisory
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:18

Type	Values Removed	Values Added
References	~~() http://code.google.com/p/chromium/issues/detail?id=51146 - Exploit, Issue Tracking, Patch, Vendor Advisory~~	() http://code.google.com/p/chromium/issues/detail?id=51146 - Exploit, Issue Tracking, Patch, Vendor Advisory
References	~~() http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html - Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html - Vendor Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839 - Third Party Advisory

Information

Published : 2010-08-24 20:00

Updated : 2024-11-21 01:18

NVD link : CVE-2010-3118

Mitre link : CVE-2010-3118

CVE.ORG link : CVE-2010-3118

JSON object : View

Products Affected

google

chrome

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2010-3118", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-24T20:00:02.567", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=51146", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://code.google.com/p/chromium/issues/detail?id=51146", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11839", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature."}, {"lang": "es", "value": "La caracter\u00edstica \"autosuggest\" en la implementaci\u00f3n de Omnibox de Google Chrome anterior a v5.0.375.127 no se anticipa a la entrada de contrase\u00f1as, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible leyendo el tr\u00e1fico de red generado por esta caracter\u00edstica."}], "lastModified": "2024-11-21T01:18:04.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B6233A-13C2-434A-9C05-BA18423AF5BF", "versionEndExcluding": "5.0.375.127"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}