CVE-2010-5073Google Chrome vulnerability

CWE-2644 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 67.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple SafariGoogle Chrome
Timeline
PublishedDec 7
Latest updateMay 17

Description

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome224 versions+223
NVDapple/safari11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-mf5v-3c9h-j7h3: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle2022-05-17
GHSA
GHSA-34jq-3228-6mcp: The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle2022-05-17
CVE-2010-5073 — Google Chrome vulnerability | cvebase