Vulnerability Description
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 4.0.249.78 | |
| Microsoft | Windows | All versions |
References
- http://code.google.com/p/chromium/issues/detail?id=23693
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-secur
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://code.google.com/p/chromium/issues/detail?id=23693
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-secur
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-0657?
CVE-2010-0657 is a vulnerability with a CVSS score of 9.3 (HIGH). Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote atta...
How severe is CVE-2010-0657?
CVE-2010-0657 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0657?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Microsoft Windows.