| Vulnerability Name: | CVE-2010-3118 (CCN-61237) | ||||||||
| Assigned: | 2010-08-19 | ||||||||
| Published: | 2010-08-19 | ||||||||
| Updated: | 2020-08-04 | ||||||||
| Summary: | The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: CONFIRM Type: Exploit, Issue Tracking, Patch, Vendor Advisory http://code.google.com/p/chromium/issues/detail?id=51146 Source: MITRE Type: CNA CVE-2010-3118 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Vendor Advisory http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html Source: CCN Type: SA41014 Google Chrome Multiple Vulnerabilities Source: CCN Type: OSVDB ID: 67465 Google Chrome Omnibox Implementation Autosuggest Feature Password Entry Remote Information Disclosure Source: CCN Type: BID-42571 Google Chrome prior to 5.0.375.127 Multiple Security Vulnerabilities Source: XF Type: UNKNOWN google-chrome-omnibox-weak-security(61237) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:11839 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||