CVE-2010-0657
CRITICAL
9.3
CVSS Severity Score
Vulnerability Description
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
Affected Platforms (CPE)
📦
Google
Chrome
= 0.2.149.27📦
Google
Chrome
= 0.2.149.29📦
Google
Chrome
= 0.2.149.30📦
Google
Chrome
= 0.2.152.1📦
Google
Chrome
= 0.2.153.1📦
Google
Chrome
= 0.3.154.0📦
Google
Chrome
= 0.3.154.3📦
Google
Chrome
= 0.4.154.18📦
Google
Chrome
= 0.4.154.22📦
Google
Chrome
= 0.4.154.31📦
Google
Chrome
= 0.4.154.33📦
Google
Chrome
= 1.0.154.36📦
Google
Chrome
= 1.0.154.39📦
Google
Chrome
= 1.0.154.42📦
Google
Chrome
= 1.0.154.43📦
Google
Chrome
= 1.0.154.46📦
Google
Chrome
= 1.0.154.48📦
Google
Chrome
= 1.0.154.52📦
Google
Chrome
= 1.0.154.53📦
Google
Chrome
= 1.0.154.59📦
Google
Chrome
= 1.0.154.65📦
Google
Chrome
= 2.0.156.1📦
Google
Chrome
= 2.0.157.0📦
Google
Chrome
= 2.0.157.2📦
Google
Chrome
= 2.0.158.0📦
Google
Chrome
= 2.0.159.0📦
Google
Chrome
= 2.0.169.0📦
Google
Chrome
= 2.0.169.1📦
Google
Chrome
= 2.0.170.0📦
Google
Chrome
= 2.0.172📦
Google
Chrome
= 2.0.172.2📦
Google
Chrome
= 2.0.172.8📦
Google
Chrome
= 2.0.172.27📦
Google
Chrome
= 2.0.172.28📦
Google
Chrome
= 2.0.172.30📦
Google
Chrome
= 2.0.172.31📦
Google
Chrome
= 2.0.172.33📦
Google
Chrome
= 2.0.172.37📦
Google
Chrome
= 2.0.172.38📦
Google
Chrome
= 3.0.182.2📦
Google
Chrome
= 3.0.190.2📦
Google
Chrome
= 3.0.193.2📦
Google
Chrome
= 3.0.195.21📦
Google
Chrome
= 3.0.195.24📦
Google
Chrome
= 3.0.195.32📦
Google