CVE-2010-4483

Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=55745
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html	Vendor Advisory
http://secunia.com/advisories/42472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11610
https://technet.microsoft.com/library/security/msvr11-002

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-12-07 21:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4483

Mitre link : CVE-2010-4483

CVE.ORG link : CVE-2010-4483

JSON object : View

Products Affected

google

chrome

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-4483", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-12-07T21:00:08.797", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=55745", "source": "cve@mitre.org"}, {"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42472", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11610", "source": "cve@mitre.org"}, {"url": "https://technet.microsoft.com/library/security/msvr11-002", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site."}, {"lang": "es", "value": "Google Chrome antes de v8.0.552.215 no restringe adecuadamente el acceso de lectura a los v\u00eddeos de derivados de elementos CANVAS, lo que permite a atacantes remotos evitar la pol\u00edtica del mismo origen y obtener los datos de video potencialmente sensibles a trav\u00e9s de un sitio web debidamente modificado."}], "lastModified": "2017-09-19T01:31:46.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2F99C7-6964-47B0-9F25-C98788A3254B", "versionEndIncluding": "8.0.552.214"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}