Candidate: CVE-2010-0657
PublicDate: 2010-02-18 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0657
 http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
Description:
 Google Chrome before 4.0.249.78 on Windows does not perform the expected
 encoding, escaping, and quoting for the URL in the --app argument in a
 desktop shortcut, which allows user-assisted remote attackers to execute
 arbitrary programs or obtain sensitive information by tricking a user into
 creating a crafted shortcut.
Ubuntu-Description:
Notes:
 mdeslaur> may be windows-specific
Bugs:
 http://code.google.com/p/chromium/issues/detail?id=23693
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_chromium-browser:
 upstream: http://src.chromium.org/viewvc/chrome?view=rev&revision=35377
upstream_chromium-browser: needs-triage
dapper_chromium-browser: DNE
hardy_chromium-browser: DNE
intrepid_chromium-browser: DNE
jaunty_chromium-browser: DNE
karmic_chromium-browser: DNE
lucid_chromium-browser: not-affected (5.0.342.9~r43360-0ubuntu2)
devel_chromium-browser: not-affected (5.0.375.38~r46659-0ubuntu1)