CVE-2010-0657

Publication date 18 February 2010

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

Read the notes from the security team

Status

Package Ubuntu Release Status
chromium-browser 10.04 LTS lucid
Not affected
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes

mdeslaur

may be windows-specific

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
chromium-browser

References

Other references

Access our resources on patching vulnerabilities