Vulnerability Details : CVE-2010-1230
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
Vulnerability category: Information leak
Products affected by CVE-2010-1230
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1230
- 0.30%: probability of exploitation activity in the next 30 days
- ~51%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2010-1230
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1230
- http://code.google.com/p/chromium/issues/detail?id=30801
  30801 - "Clear Browsing Data" dialog is missing an option for HTML5 storage facilities (Local Storage & Web Database) - chromium - Monorail (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14292
  Repository / Oval Repository (Third Party Advisory)
- http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=33445
  33445 - STS design questions around probing what sites a user has been to - chromium - Monorail (Vendor Advisory)