CVE-2010-0661 : WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as use

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

Published 2010-02-18 18:00:01

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2010-0661

Apple » Webkit » Version: 52400
cpe:2.3:a:apple:webkit:52400:*:*:*:*:*:*:*
Matching versions
Google » Chrome
Versions up to, including, (<=) 4.0.249.0
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.29
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.30
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.36
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.149.27
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.190.2
cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.8
cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.2
cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.33
cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.169.1
cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.48
cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.52
cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.3
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.153.1
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.28
cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.38
cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.158.0
cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.169.0
cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.159.0
cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.37
cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.59
cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.193.2 Update Beta
cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.195.33
cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.195.32
cpe:2.3:a:google:chrome:3.0.195.32:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.195.21
cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.27
cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.156.1
cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.31
cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172.30
cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.39
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.42
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.65
cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.2.152.1
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.31
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.22
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.33
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.195.24
cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 3.0.182.2
cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.157.0
cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.157.2
cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.172
cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 2.0.170.0
cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.53
cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.46
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 1.0.154.43
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.4.154.18
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 0.3.154.0
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 4.0.244.0
cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0661

EPSS FAQ

1.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0661

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0661

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0661

http://trac.webkit.org/changeset/52401

Changeset 52401 – WebKit
Patch
http://secunia.com/advisories/43068

Sign in

CVEs referencing this url
http://flock.com/security/

Flock – A Secure Team Communication & Collaboration App

CVEs referencing this url
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Chrome Releases: Stable Channel Update
Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0212

Webmail | OVH- OVH

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002

CVEs referencing this url
https://bugs.webkit.org/show_bug.cgi?id=32647

Bug Access Denied
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14482

Repository / Oval Repository
http://code.google.com/p/chromium/issues/detail?id=30660

30660 - window.open() Method Javascript Same-Origin Policy Violation - chromium - Monorail
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Page not found - The Chromium Projects
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1023506

Google Chrome Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Obtain Information. - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2010-0661

Products affected by CVE-2010-0661

Exploit prediction scoring system (EPSS) score for CVE-2010-0661

CVSS scores for CVE-2010-0661

CWE ids for CVE-2010-0661

References for CVE-2010-0661