Unrated severityNVD Advisory· Published Feb 18, 2010· Updated Apr 29, 2026
CVE-2010-0651
CVE-2010-0651
Description
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlnvdPatchThird Party Advisory
- code.google.com/p/chromium/issues/detailnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvdThird Party Advisory
- scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.htmlnvdThird Party Advisory
- securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugsnvdThird Party Advisory
- trac.webkit.org/changeset/52784nvdVendor Advisory
- websec.sv.cmu.edu/css/css.pdfnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.ubuntu.com/usn/USN-1006-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2722nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0212nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0552nvdThird Party Advisory
- bugs.webkit.org/show_bug.cginvdVendor Advisory
- secunia.com/advisories/41856nvdPermissions Required
- secunia.com/advisories/43068nvdPermissions Required
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653nvd
News mentions
0No linked articles in our index yet.