Vulnerability Description
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Webkit | 52400 |
| Chrome | <= 4.0.249.0 |
Related Weaknesses (CWE)
References
- http://code.google.com/p/chromium/issues/detail?id=30660
- http://flock.com/security/
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-securVendor Advisory
- http://trac.webkit.org/changeset/52401Patch
- http://www.vupen.com/english/advisories/2011/0212
- https://bugs.webkit.org/show_bug.cgi?id=32647
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://code.google.com/p/chromium/issues/detail?id=30660
- http://flock.com/security/
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlPatch
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
FAQ
What is CVE-2010-0661?
CVE-2010-0661 is a vulnerability with a CVSS score of 6.8 (MEDIUM). WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the...
How severe is CVE-2010-0661?
CVE-2010-0661 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0661?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Webkit, Google Chrome.