CVE-2010-0657
Published: 18 February 2010
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
Notes
Author | Note |
---|---|
mdeslaur | may be windows-specific |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Not vulnerable
(5.0.342.9~r43360-0ubuntu2)
|
|
maverick |
Not vulnerable
(5.0.375.38~r46659-0ubuntu1)
|
|
Patches: upstream: http://src.chromium.org/viewvc/chrome?view=rev&revision=35377 |