CVE-2010-0315

WebKit <r53607 - SSRF

Title source: llm

Description

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · htmlremotemultiple

https://www.exploit-db.com/exploits/33562

View Code ZIP pw:eip

References (16)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[Exploit] http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html

[Vendor Advisory] http://secunia.com/advisories/38545

[Vendor Advisory] http://secunia.com/advisories/43068

[Various Sources] http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

[Various Sources] http://trac.webkit.org/changeset/53607

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0361

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0212

[Various Sources] https://bugs.webkit.org/show_bug.cgi?id=33683

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/55683

[Issue Tracking] http://code.google.com/p/chromium/issues/detail?id=32309

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38177

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56215

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023583

Scores

EPSS 0.1253

EPSS Percentile 94.0%

Details

Status published

Products (47)

google/chrome 0.2.149.27

google/chrome 0.2.149.29

google/chrome 0.2.149.30

google/chrome 0.2.152.1

google/chrome 0.2.153.1

google/chrome 0.3.154.0

google/chrome 0.3.154.3

google/chrome 0.4.154.18

google/chrome 0.4.154.22

google/chrome 0.4.154.31

... and 37 more

Published Jan 14, 2010

Tracked Since Feb 18, 2026