CVE-2010-0660

Google Chrome < 4.0.249.78 - HTTPS URL Exposure via Referer Header

Title source: llm
STIX 2.1

Description

Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14247
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023506

Scores

EPSS 0.0076
EPSS Percentile 50.8%

Details

CWE
CWE-200
Status published
Products (47)
google/chrome 0.2.149.27
google/chrome 0.2.149.29
google/chrome 0.2.149.30
google/chrome 0.2.152.1
google/chrome 0.2.153.1
google/chrome 0.3.154.0
google/chrome 0.3.154.3
google/chrome 0.4.154.18
google/chrome 0.4.154.22
google/chrome 0.4.154.31
... and 37 more
Published Feb 18, 2010
Tracked Since Feb 18, 2026