browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-18T17:00:00

Updated: 2024-08-07T00:52:19.702Z

Reserved: 2010-02-05T00:00:00

Link: CVE-2010-0556

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-02-18T17:30:00.583

Modified: 2024-11-21T01:12:26.570

Link: CVE-2010-0556

cve-icon Redhat

No data.