Vulnerability Description
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 4.0.249.0 |
Related Weaknesses (CWE)
References
- http://code.google.com/p/chromium/issues/detail?id=29920
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-securVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://code.google.com/p/chromium/issues/detail?id=29920
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-securVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-0660?
CVE-2010-0660 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain pot...
How severe is CVE-2010-0660?
CVE-2010-0660 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0660?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.