Google Chrome Multiple Information Disclosure Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to multiple information disclosure vulnerabilities.

Impact

Successful exploitation will allow remote attackers to gain sensitive information about visited web pages by calling getComputedStyle method or via a crafted HTML document. Impact Level: Application

Solution

Upgrade to the Google Chrome version 5.0 or later, For updates refer to http://www.google.com/chrome

Insight

Multiple vulnerabilities are due to implementation erros in, - The JavaScript failing to restrict the set of values contained in the object returned by the getComputedStyle method. - The Cascading Style Sheets (CSS) failing to handle the visited pseudo-class.

Affected

Google Chrome version 4.x on Windows.

References

http://w2spconf.com/2010/papers/p26.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5069, CVE-2010-5073

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
Asterisk Missing ACL Check Remote Security Bypass Vulnerability

Take action and discover your vulnerabilities