CVE-2010-0556

Published: 18 February 2010

browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.

Notes

Author	Note
mdeslaur	fixed in r36829

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Not vulnerable (5.0.342.9~r43360-0ubuntu2)
	upstream	Needs triage

References

http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
https://www.cve.org/CVERecord?id=CVE-2010-0556
NVD
Launchpad
Debian

Bugs

http://code.google.com/p/chromium/issues/detail?id=32718

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›