VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 1, 2010· Updated Apr 29, 2026

CVE-2010-1236

CVE-2010-1236

Description

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

Affected products

225
  • Google/Chrome224 versions
    cpe:2.3:a:google:chrome:4.0.222.5:*:*:*:*:*:*:*+ 223 more
    • cpe:2.3:a:google:chrome:4.0.222.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.222.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.24:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=4.1.249.1035
    • cpe:2.3:a:google:chrome:0.1.38.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.38.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.38.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.40.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.42.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.42.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.212.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.212.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.221.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.222.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.222.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.223.9:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.224.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.229.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.235.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.236.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.237.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.237.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.239.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.240.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.241.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.242.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.243.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.245.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.245.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.247.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.248.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.6:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.9:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.40:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.43:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.44:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.56:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.61:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.62:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.63:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.66:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.67:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.68:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.69:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.70:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.71:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.72:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.73:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.74:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.75:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.76:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.77:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.78:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.26:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.254.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.255.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.256.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.257.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.258.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.259.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.261.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.263.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.264.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.265.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.266.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.267.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.268.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.269.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.271.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.78:beta:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.79:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.80:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.81:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.82:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.249.89:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.250.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.250.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.251.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.252.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1009:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1010:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1011:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1012:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1013:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1014:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1015:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1016:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1017:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1018:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1019:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1020:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1021:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1022:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1023:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1024:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1025:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1026:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1027:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1028:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1029:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1030:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1031:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1032:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1033:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1034:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.272.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.275.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.275.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.276.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.278.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.286.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.287.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.288.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.288.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.289.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.290.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.292.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.294.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.295.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.296.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.299.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.300.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.301.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.302.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.302.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.302.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.302.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.303.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.304.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.0.305.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1001:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1004:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1006:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1007:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:4.1.249.1008:*:*:*:*:*:*:*
  • Flock/Flock
    cpe:2.3:a:flock:flock:3.0.0.4094:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.