Unrated severityNVD Advisory· Published Sep 24, 2010· Updated Apr 29, 2026
CVE-2010-1767
CVE-2010-1767
Description
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
Affected products
235cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 234 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=4.1.249.1058
- cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.212.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.212.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.221.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.222.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.222.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.222.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.222.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.223.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.224.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.229.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.235.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.236.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.237.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.237.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.239.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.240.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.241.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.242.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.243.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.245.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.245.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.246.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.247.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.248.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.78:beta:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.249.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.250.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.250.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.251.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.252.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.254.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.255.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.256.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.257.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.258.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.259.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.260.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.261.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.262.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.263.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.264.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.265.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.266.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.267.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.268.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.269.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.271.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.272.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.275.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.275.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.276.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.277.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.278.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.286.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.287.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.288.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.288.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.289.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.290.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.292.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.294.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.295.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.296.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.299.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.300.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.301.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.302.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.302.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.302.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.302.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.303.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.304.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.0.305.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1001:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1004:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1006:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1007:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1008:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1009:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1010:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1011:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1012:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1013:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1014:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1015:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1016:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1017:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1018:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1019:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1020:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1021:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1022:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1023:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1024:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1025:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1026:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1027:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1028:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1029:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1030:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1031:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1032:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1033:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1034:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1035:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1036:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1042:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1045:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1046:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1047:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1048:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1049:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1050:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1051:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1052:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1053:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1054:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1055:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1056:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:4.1.249.1057:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/39544nvdVendor Advisory
- code.google.com/p/chromium/issues/detailnvd
- googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
- osvdb.org/64002nvd
- secunia.com/advisories/41856nvd
- secunia.com/advisories/43068nvd
- security-tracker.debian.org/tracker/CVE-2010-1767nvd
- trac.webkit.org/changeset/57041nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/39603nvd
- www.ubuntu.com/usn/USN-1006-1nvd
- www.vupen.com/english/advisories/2010/2722nvd
- www.vupen.com/english/advisories/2011/0212nvd
- www.vupen.com/english/advisories/2011/0552nvd
- bugs.webkit.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11140nvd
News mentions
0No linked articles in our index yet.