PT-2010-3404 · Google+1 · Google Chrome+1

Published

2010-09-24

Updated

2017-09-19

CVE-2010-1767

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WebKit versions before r57041 Google Chrome versions before 4.1.249.1059

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of victims via a crafted synchronous preflight XMLHttpRequest operation.

Recommendations For WebKit versions before r57041, update to version r57041 or later. For Google Chrome versions before 4.1.249.1059, update to version 4.1.249.1059 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2010-1767

Affected Products

Google Chrome

Webkit

PT-2010-3404 · Google+1 · Google Chrome+1

CVE-2010-1767

Weakness Enumeration

Related Identifiers

Affected Products

References · 18