CVE-2010-0315

Google Chrome < 4.0.249.89 - URL Discovery via Stylesheet LINK Element

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0315. PoCs published by Cesar Cerrudo.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Google Chrome by leveraging a CSS stylesheet reference and JavaScript to extract the full path of the stylesheet, potentially revealing sensitive information.

Description

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · htmlremotemultiple

https://www.exploit-db.com/exploits/33562

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Google Chrome by leveraging a CSS stylesheet reference and JavaScript to extract the full path of the stylesheet, potentially revealing sensitive information.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome (versions prior to fix for CVE-2010-0315)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1119 - Automated Collection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (16)

Core 16

Core References

Issue Tracking x_refsource_confirm

http://code.google.com/p/chromium/issues/detail?id=32309

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38177

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43068

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0212

Exploit x_refsource_misc

http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html

Various Sources x_refsource_confirm

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56215

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55683

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023583

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0361

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Various Sources x_refsource_confirm

http://trac.webkit.org/changeset/53607

Release Notes, Vendor Advisory x_refsource_confirm

http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452

Various Sources x_refsource_confirm

https://bugs.webkit.org/show_bug.cgi?id=33683

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38545

Scores

EPSS 0.0689

EPSS Percentile 93.2%

Details

Status published

Products (47)

google/chrome 0.2.149.27

google/chrome 0.2.149.29

google/chrome 0.2.149.30

google/chrome 0.2.152.1

google/chrome 0.2.153.1

google/chrome 0.3.154.0

google/chrome 0.3.154.3

google/chrome 0.4.154.18

google/chrome 0.4.154.22

google/chrome 0.4.154.31

... and 37 more

Published Jan 14, 2010

Tracked Since Feb 18, 2026