製品・ソフトウェアに関する情報

JVN脆弱性詳細

Google Chrome における document.styleSheets[0].href のプロパティ値を読まれる脆弱性

Title	Google Chrome における document.styleSheets[0].href のプロパティ値を読まれる脆弱性
Summary	Google Chrome で使用される WebKit には、IFRAME 要素に関する処理に不備があるため、Web サイトのユーザセッションのリダイレクト target URL を発見され、document.styleSheets[0].href のプロパティ値を読まれる脆弱性が存在します。
Possible impacts	第三者により、スタイルシートの LINK 要素の HREF 属性内に、サイトの URL を配置されることにより、Web サイトのユーザセッションのリダイレクト target URL を発見され、document.styleSheets[0].href のプロパティ値を読まれる可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 14, 2010, midnight
Registration Date	Nov. 24, 2010, 3:01 p.m.
Last Update	Nov. 24, 2010, 3:01 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

Google

Google Chrome 4.0.249.89

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0315	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0315
National Vulnerability Database (NVD)
2	CVE-2010-0315	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0315

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Google
1	Google Chrome	http://www.google.com/chrome/intl/ja/landing.html?hl=ja
2	stable-channel-update	http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

その他

No	Name	URL
ISS X-Force Database
1	55683	http://xforce.iss.net/xforce/xfdb/55683
SecurityTracker
2	1023583	http://securitytracker.com/id?1023583

Change Log

No	Changed Details	Date of change
0	[2010年11月24日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0315

Summary	WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
Summary	WebKit anterior a versión r53607, tal como es usado en Chrome de Google anterior a versión 4.0.249.89, permite a los atacantes remotos detectar la URL de destino de redireccionamiento, para la sesión de un usuario específico de un sitio web, mediante la colocación de la URL del sitio en el atributo HREF de un elemento LINK de hoja de estilos y, a continuación, leer el valor de la propiedad document.styleSheets[0].href, relacionado con un elemento IFRAME.
Publication Date	Jan. 15, 2010, 4:30 a.m.
Registration Date	Jan. 29, 2021, 10:56 a.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::		4.0.249.78
cpe:2.3:a:google:chrome:0.2.149.27:::::::*
cpe:2.3:a:google:chrome:0.2.149.29:::::::*
cpe:2.3:a:google:chrome:0.2.149.30:::::::*
cpe:2.3:a:google:chrome:0.2.152.1:::::::*
cpe:2.3:a:google:chrome:0.2.153.1:::::::*
cpe:2.3:a:google:chrome:0.3.154.0:::::::*
cpe:2.3:a:google:chrome:0.3.154.3:::::::*
cpe:2.3:a:google:chrome:0.4.154.18:::::::*
cpe:2.3:a:google:chrome:0.4.154.22:::::::*
cpe:2.3:a:google:chrome:0.4.154.31:::::::*
cpe:2.3:a:google:chrome:0.4.154.33:::::::*
cpe:2.3:a:google:chrome:1.0.154.36:::::::*
cpe:2.3:a:google:chrome:1.0.154.39:::::::*
cpe:2.3:a:google:chrome:1.0.154.42:::::::*
cpe:2.3:a:google:chrome:1.0.154.43:::::::*
cpe:2.3:a:google:chrome:1.0.154.46:::::::*
cpe:2.3:a:google:chrome:1.0.154.48:::::::*
cpe:2.3:a:google:chrome:1.0.154.52:::::::*
cpe:2.3:a:google:chrome:1.0.154.53:::::::*
cpe:2.3:a:google:chrome:1.0.154.59:::::::*
cpe:2.3:a:google:chrome:1.0.154.65:::::::*
cpe:2.3:a:google:chrome:2.0.156.1:::::::*
cpe:2.3:a:google:chrome:2.0.157.0:::::::*
cpe:2.3:a:google:chrome:2.0.157.2:::::::*
cpe:2.3:a:google:chrome:2.0.158.0:::::::*
cpe:2.3:a:google:chrome:2.0.159.0:::::::*
cpe:2.3:a:google:chrome:2.0.169.0:::::::*
cpe:2.3:a:google:chrome:2.0.169.1:::::::*
cpe:2.3:a:google:chrome:2.0.170.0:::::::*
cpe:2.3:a:google:chrome:2.0.172:::::::*
cpe:2.3:a:google:chrome:2.0.172.2:::::::*
cpe:2.3:a:google:chrome:2.0.172.8:::::::*
cpe:2.3:a:google:chrome:2.0.172.27:::::::*
cpe:2.3:a:google:chrome:2.0.172.28:::::::*
cpe:2.3:a:google:chrome:2.0.172.30:::::::*
cpe:2.3:a:google:chrome:2.0.172.31:::::::*
cpe:2.3:a:google:chrome:2.0.172.33:::::::*
cpe:2.3:a:google:chrome:2.0.172.37:::::::*
cpe:2.3:a:google:chrome:2.0.172.38:::::::*
cpe:2.3:a:google:chrome:3.0.182.2:::::::*
cpe:2.3:a:google:chrome:3.0.190.2:::::::*
cpe:2.3:a:google:chrome:3.0.193.2:beta::::::
cpe:2.3:a:google:chrome:3.0.195.21:::::::*
cpe:2.3:a:google:chrome:3.0.195.24:::::::*
cpe:2.3:a:google:chrome:3.0.195.32:::::::*
cpe:2.3:a:google:chrome:3.0.195.33:::::::*

Related information, measures and tools

No	URL	refsource
1	http://code.google.com/p/chromium/issues/detail?id=32309	cve@mitre.org
2	http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html	cve@mitre.org
3	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	cve@mitre.org
4	http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html	cve@mitre.org
5	http://secunia.com/advisories/38545	cve@mitre.org
6	http://secunia.com/advisories/43068	cve@mitre.org
7	http://securitytracker.com/id?1023583	cve@mitre.org
8	http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs	cve@mitre.org
9	http://trac.webkit.org/changeset/53607	cve@mitre.org
10	http://www.securityfocus.com/bid/38177	cve@mitre.org
11	http://www.vupen.com/english/advisories/2010/0361	cve@mitre.org
12	http://www.vupen.com/english/advisories/2011/0212	cve@mitre.org
13	https://bugs.webkit.org/show_bug.cgi?id=33683	cve@mitre.org
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/55683	cve@mitre.org
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/56215	cve@mitre.org
16	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452	cve@mitre.org
17	http://code.google.com/p/chromium/issues/detail?id=32309	af854a3a-2127-422b-91ae-364da2661108
18	http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html	af854a3a-2127-422b-91ae-364da2661108
19	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
20	http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html	af854a3a-2127-422b-91ae-364da2661108
21	http://secunia.com/advisories/38545	af854a3a-2127-422b-91ae-364da2661108
22	http://secunia.com/advisories/43068	af854a3a-2127-422b-91ae-364da2661108
23	http://securitytracker.com/id?1023583	af854a3a-2127-422b-91ae-364da2661108
24	http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs	af854a3a-2127-422b-91ae-364da2661108
25	http://trac.webkit.org/changeset/53607	af854a3a-2127-422b-91ae-364da2661108
26	http://www.securityfocus.com/bid/38177	af854a3a-2127-422b-91ae-364da2661108
27	http://www.vupen.com/english/advisories/2010/0361	af854a3a-2127-422b-91ae-364da2661108
28	http://www.vupen.com/english/advisories/2011/0212	af854a3a-2127-422b-91ae-364da2661108
29	https://bugs.webkit.org/show_bug.cgi?id=33683	af854a3a-2127-422b-91ae-364da2661108
30	https://exchange.xforce.ibmcloud.com/vulnerabilities/55683	af854a3a-2127-422b-91ae-364da2661108
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/56215	af854a3a-2127-422b-91ae-364da2661108
32	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::		4.0.249.78
cpe:2.3:a:google:chrome:0.2.149.27:::::::*
cpe:2.3:a:google:chrome:0.2.149.29:::::::*
cpe:2.3:a:google:chrome:0.2.149.30:::::::*
cpe:2.3:a:google:chrome:0.2.152.1:::::::*
cpe:2.3:a:google:chrome:0.2.153.1:::::::*
cpe:2.3:a:google:chrome:0.3.154.0:::::::*
cpe:2.3:a:google:chrome:0.3.154.3:::::::*
cpe:2.3:a:google:chrome:0.4.154.18:::::::*
cpe:2.3:a:google:chrome:0.4.154.22:::::::*
cpe:2.3:a:google:chrome:0.4.154.31:::::::*
cpe:2.3:a:google:chrome:0.4.154.33:::::::*
cpe:2.3:a:google:chrome:1.0.154.36:::::::*
cpe:2.3:a:google:chrome:1.0.154.39:::::::*
cpe:2.3:a:google:chrome:1.0.154.42:::::::*
cpe:2.3:a:google:chrome:1.0.154.43:::::::*
cpe:2.3:a:google:chrome:1.0.154.46:::::::*
cpe:2.3:a:google:chrome:1.0.154.48:::::::*
cpe:2.3:a:google:chrome:1.0.154.52:::::::*
cpe:2.3:a:google:chrome:1.0.154.53:::::::*
cpe:2.3:a:google:chrome:1.0.154.59:::::::*
cpe:2.3:a:google:chrome:1.0.154.65:::::::*
cpe:2.3:a:google:chrome:2.0.156.1:::::::*
cpe:2.3:a:google:chrome:2.0.157.0:::::::*
cpe:2.3:a:google:chrome:2.0.157.2:::::::*
cpe:2.3:a:google:chrome:2.0.158.0:::::::*
cpe:2.3:a:google:chrome:2.0.159.0:::::::*
cpe:2.3:a:google:chrome:2.0.169.0:::::::*
cpe:2.3:a:google:chrome:2.0.169.1:::::::*
cpe:2.3:a:google:chrome:2.0.170.0:::::::*
cpe:2.3:a:google:chrome:2.0.172:::::::*
cpe:2.3:a:google:chrome:2.0.172.2:::::::*
cpe:2.3:a:google:chrome:2.0.172.8:::::::*
cpe:2.3:a:google:chrome:2.0.172.27:::::::*
cpe:2.3:a:google:chrome:2.0.172.28:::::::*
cpe:2.3:a:google:chrome:2.0.172.30:::::::*
cpe:2.3:a:google:chrome:2.0.172.31:::::::*
cpe:2.3:a:google:chrome:2.0.172.33:::::::*
cpe:2.3:a:google:chrome:2.0.172.37:::::::*
cpe:2.3:a:google:chrome:2.0.172.38:::::::*
cpe:2.3:a:google:chrome:3.0.182.2:::::::*
cpe:2.3:a:google:chrome:3.0.190.2:::::::*
cpe:2.3:a:google:chrome:3.0.193.2:beta::::::
cpe:2.3:a:google:chrome:3.0.195.21:::::::*
cpe:2.3:a:google:chrome:3.0.195.24:::::::*
cpe:2.3:a:google:chrome:3.0.195.32:::::::*
cpe:2.3:a:google:chrome:3.0.195.33:::::::*