CVE-2010-3256 : Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified

Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.

Published 2010-09-07 18:00:03

Updated 2020-08-03 21:16:20

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-3256

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html

Chrome Releases: Stable and Beta Channel Updates
Vendor Advisory

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=51727

51727 - autocomplete entries submitted by javascript should not be stored in db (similar to autofill bug 48225) - chromium - Monorail
Issue Tracking;Patch;Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12027

Repository / Oval Repository
Third Party Advisory

Google » Chrome
Versions before (<) 6.0.472.53
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions