CVE-2010-0660
Google Chrome < 4.0.249.78 - HTTPS URL Exposure via Referer Header
Title source: llmDescription
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14247
Patch x_refsource_confirm
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023506
Vendor Advisory x_refsource_confirm
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
Issue Tracking x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=29920
Scores
EPSS
0.0076
EPSS Percentile
50.8%
Details
CWE
CWE-200
Status
published
Products (47)
google/chrome
0.2.149.27
google/chrome
0.2.149.29
google/chrome
0.2.149.30
google/chrome
0.2.152.1
google/chrome
0.2.153.1
google/chrome
0.3.154.0
google/chrome
0.3.154.3
google/chrome
0.4.154.18
google/chrome
0.4.154.22
google/chrome
0.4.154.31
... and 37 more
Published
Feb 18, 2010
Tracked Since
Feb 18, 2026