CVE-2010-0661

N/A Unknown

Published: February 18, 2010 Modified: April 29, 2026

Description

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=30660

Source: cve@mitre.org

http://flock.com/security/

Source: cve@mitre.org

http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://secunia.com/advisories/43068

Source: cve@mitre.org

http://securitytracker.com/id?1023506

Source: cve@mitre.org

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Source: cve@mitre.org

Vendor Advisory

http://trac.webkit.org/changeset/52401

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

https://bugs.webkit.org/show_bug.cgi?id=32647

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14482

Source: cve@mitre.org

http://code.google.com/p/chromium/issues/detail?id=30660