VIR Vulnerability Intelligence Relay

CVE-2010-1663

critical
Published 2010-05-03 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-12657 remote windows verified
Jordi Chancel ยท 2010-05-19

Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)

Source code queued for fetch โ€” refresh in a moment.

Application impact
VendorProductVersionsFixed
gcp googlechrome{"endIncluding":"4.1.249.1063"}
gcp googlechrome0.2.149.27
gcp googlechrome0.2.149.29
gcp googlechrome0.2.149.30
gcp googlechrome0.2.152.1
gcp googlechrome0.2.153.1
gcp googlechrome0.3.154.0
gcp googlechrome0.3.154.3
gcp googlechrome0.4.154.18
gcp googlechrome0.4.154.22
gcp googlechrome0.4.154.31
gcp googlechrome0.4.154.33
gcp googlechrome1.0.154.36
gcp googlechrome1.0.154.39
gcp googlechrome1.0.154.42
gcp googlechrome1.0.154.43
gcp googlechrome1.0.154.46
gcp googlechrome1.0.154.48
gcp googlechrome1.0.154.52
gcp googlechrome1.0.154.53
gcp googlechrome1.0.154.59
gcp googlechrome1.0.154.64
gcp googlechrome1.0.154.65
gcp googlechrome2.0.156.1
gcp googlechrome2.0.157.0
gcp googlechrome2.0.157.2
gcp googlechrome2.0.158.0
gcp googlechrome2.0.159.0
gcp googlechrome2.0.169.0
gcp googlechrome2.0.169.1
gcp googlechrome2.0.170.0
gcp googlechrome2.0.172
gcp googlechrome2.0.172.2
gcp googlechrome2.0.172.8
gcp googlechrome2.0.172.27
gcp googlechrome2.0.172.28
gcp googlechrome2.0.172.30
gcp googlechrome2.0.172.31
gcp googlechrome2.0.172.33
gcp googlechrome2.0.172.37
gcp googlechrome2.0.172.38
gcp googlechrome3.0.182.2
gcp googlechrome3.0.190.2
gcp googlechrome3.0.193.2
gcp googlechrome3.0.195.2
gcp googlechrome3.0.195.21
gcp googlechrome3.0.195.24
gcp googlechrome3.0.195.25
gcp googlechrome3.0.195.27
gcp googlechrome3.0.195.32
gcp googlechrome3.0.195.33
gcp googlechrome3.0.195.36
gcp googlechrome3.0.195.37
gcp googlechrome3.0.195.38
gcp googlechrome4.1
gcp googlechrome4.1.249.0
gcp googlechrome4.1.249.1001
gcp googlechrome4.1.249.1004
gcp googlechrome4.1.249.1006
gcp googlechrome4.1.249.1007
gcp googlechrome4.1.249.1008
gcp googlechrome4.1.249.1009
gcp googlechrome4.1.249.1010
gcp googlechrome4.1.249.1011
gcp googlechrome4.1.249.1012
gcp googlechrome4.1.249.1013
gcp googlechrome4.1.249.1014
gcp googlechrome4.1.249.1015
gcp googlechrome4.1.249.1016
gcp googlechrome4.1.249.1017
gcp googlechrome4.1.249.1018
gcp googlechrome4.1.249.1019
gcp googlechrome4.1.249.1020
gcp googlechrome4.1.249.1021
gcp googlechrome4.1.249.1022
gcp googlechrome4.1.249.1023
gcp googlechrome4.1.249.1024
gcp googlechrome4.1.249.1025
gcp googlechrome4.1.249.1026
gcp googlechrome4.1.249.1027
gcp googlechrome4.1.249.1028
gcp googlechrome4.1.249.1029
gcp googlechrome4.1.249.1030
gcp googlechrome4.1.249.1031
gcp googlechrome4.1.249.1032
gcp googlechrome4.1.249.1033
gcp googlechrome4.1.249.1034
gcp googlechrome4.1.249.1035
gcp googlechrome4.1.249.1036
gcp googlechrome4.1.249.1042
gcp googlechrome4.1.249.1045
gcp googlechrome4.1.249.1046
gcp googlechrome4.1.249.1047
gcp googlechrome4.1.249.1048
gcp googlechrome4.1.249.1049
gcp googlechrome4.1.249.1050
gcp googlechrome4.1.249.1051
gcp googlechrome4.1.249.1052
gcp googlechrome4.1.249.1053
gcp googlechrome4.1.249.1054
gcp googlechrome4.1.249.1055
gcp googlechrome4.1.249.1056
gcp googlechrome4.1.249.1057
gcp googlechrome4.1.249.1058
gcp googlechrome4.1.249.1059
gcp googlechrome4.1.249.1060
gcp googlechrome4.1.249.1061
gcp googlechrome4.1.249.1062

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.