CVE-2010-1236

CVE-2010-1236 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

Learn more about our Cis Benchmark Audit For Google Chrome.