Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1504

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.

Related bugs and status

CVE-2010-1504 (Candidate) is related to these bugs:

Bug #584016: security update available for chromium

		In	Importance	Status
584016	security update available for chromium	chromium-browser (Ubuntu)	Undecided	Fix Released
584016	security update available for chromium	chromium-browser (Ubuntu Lucid)	Undecided	Fix Released
584016	security update available for chromium	chromium-browser (Ubuntu Maverick)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.chromium.o...
CONFIRM: http://googlechromerel...
BID: 39603
SECUNIA: 39544
BID: 39669
OSVDB: 63998
OVAL: oval:org.mitre.oval:de...