CVE-2010-0661

CWE-2645 documents5 sources
Severity
6.8MEDIUM
EPSS
1.6%
top 18.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeApple Webkit
Timeline
PublishedFeb 18
Latest updateMay 2

Description

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDgoogle/chrome4.0.249.0+47
NVDapple/webkit52400

Patches

Patch: googlechromereleases.blogspot.comPatch: trac.webkit.orgPatch: googlechromereleases.blogspot.com

🔴Vulnerability Details

2
GHSA
GHSA-p5w3-55x8-h8jw: WebCore/bindings/v8/custom/V8DOMWindowCustom2022-05-02
CVEList
CVE-2010-0661: WebCore/bindings/v8/custom/V8DOMWindowCustom2010-02-18

📋Vendor Advisories

1
Red Hat
webkit: remote bypass of same origin policy2010-02-03

💬Community

1
Bugzilla
CVE-2010-0661 webkit: remote bypass of same origin policy2010-02-24
CVE-2010-0661 (MEDIUM CVSS 6.8) | WebCore/bindings/v8/custom/V8DOMWin | cvebase.io