Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
Conclusion & alert: CVE-2010-1767 is rated Moderate Risk (47.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.96%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.63% | 0.96% | +0.33% |
| 2 | 2025-03-17 | 0.38% | 0.63% | +0.25% |
| 3 | 2023-03-07 | — | 0.38% | — |
Full EPSS history (4 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.8 | 2.0 | MEDIUM |
|
8.6 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
ubuntu
|
low | CVE-2010-1767 low priority: Ubuntu including 3 source packages (chromium-browser, qt4-x11, webkit), 27 status rows across 9 suites (dapper, hardy, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 12, DNE 5, ignored 5, needs-triage 3, released 2. | https://ubuntu.com/security/CVE-2010-1767 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| chrome | <= 4.1.249.1058 | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 1.0.154.53 | cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:* | |
| chrome | 1.0.154.59 | cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:* | |
| chrome | 1.0.154.64 | cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:* | |
| chrome | 1.0.154.65 | cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:* | |
| chrome | 2.0.169.0 | cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:* | |
| chrome | 2.0.169.1 | cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:* | |
| chrome | 2.0.170.0 | cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:* | |
| chrome | 2.0.172.2 | cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:* | |
| chrome | 2.0.172.8 | cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:* | |
| chrome | 2.0.172.27 | cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:* | |
| chrome | 2.0.172.28 | cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:* | |
| chrome | 2.0.172.30 | cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:* | |
| chrome | 2.0.172.33 | cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:* | |
| chrome | 2.0.172.37 | cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:* | |
| chrome | 2.0.172.38 | cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:* | |
| chrome | 3.0.182.2 | cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:* | |
| chrome | 3.0.195.2 | cpe:2.3:a:google:chrome:3.0.195.2:*:*:*:*:*:*:* | |
| chrome | 3.0.195.21 | cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:* | |
| chrome | 3.0.195.24 | cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:* | |
| chrome | 3.0.195.25 | cpe:2.3:a:google:chrome:3.0.195.25:*:*:*:*:*:*:* | |
| chrome | 3.0.195.27 | cpe:2.3:a:google:chrome:3.0.195.27:*:*:*:*:*:*:* | |
| chrome | 3.0.195.33 | cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:* | |
| chrome | 3.0.195.36 | cpe:2.3:a:google:chrome:3.0.195.36:*:*:*:*:*:*:* | |
| chrome | 3.0.195.37 | cpe:2.3:a:google:chrome:3.0.195.37:*:*:*:*:*:*:* | |
| chrome | 3.0.195.38 | cpe:2.3:a:google:chrome:3.0.195.38:*:*:*:*:*:*:* | |
| chrome | 4.0.212.0 | cpe:2.3:a:google:chrome:4.0.212.0:*:*:*:*:*:*:* | |
| chrome | 4.0.212.1 | cpe:2.3:a:google:chrome:4.0.212.1:*:*:*:*:*:*:* | |
| chrome | 4.0.221.8 | cpe:2.3:a:google:chrome:4.0.221.8:*:*:*:*:*:*:* | |
| chrome | 4.0.222.0 | cpe:2.3:a:google:chrome:4.0.222.0:*:*:*:*:*:*:* | |
| chrome | 4.0.222.1 | cpe:2.3:a:google:chrome:4.0.222.1:*:*:*:*:*:*:* | |
| chrome | 4.0.222.5 | cpe:2.3:a:google:chrome:4.0.222.5:*:*:*:*:*:*:* | |
| chrome | 4.0.222.12 | cpe:2.3:a:google:chrome:4.0.222.12:*:*:*:*:*:*:* | |
| chrome | 4.0.223.0 | cpe:2.3:a:google:chrome:4.0.223.0:*:*:*:*:*:*:* | |
| chrome | 4.0.223.1 | cpe:2.3:a:google:chrome:4.0.223.1:*:*:*:*:*:*:* | |
| chrome | 4.0.223.2 | cpe:2.3:a:google:chrome:4.0.223.2:*:*:*:*:*:*:* | |
| chrome | 4.0.223.4 | cpe:2.3:a:google:chrome:4.0.223.4:*:*:*:*:*:*:* | |
| chrome | 4.0.223.5 | cpe:2.3:a:google:chrome:4.0.223.5:*:*:*:*:*:*:* | |
| chrome | 4.0.223.7 | cpe:2.3:a:google:chrome:4.0.223.7:*:*:*:*:*:*:* | |
| chrome | 4.0.223.8 | cpe:2.3:a:google:chrome:4.0.223.8:*:*:*:*:*:*:* | |
| chrome | 4.0.223.9 | cpe:2.3:a:google:chrome:4.0.223.9:*:*:*:*:*:*:* | |
| chrome | 4.0.224.0 | cpe:2.3:a:google:chrome:4.0.224.0:*:*:*:*:*:*:* | |
| chrome | 4.0.229.1 | cpe:2.3:a:google:chrome:4.0.229.1:*:*:*:*:*:*:* | |
| chrome | 4.0.235.0 | cpe:2.3:a:google:chrome:4.0.235.0:*:*:*:*:*:*:* | |
| chrome | 4.0.236.0 | cpe:2.3:a:google:chrome:4.0.236.0:*:*:*:*:*:*:* | |
| chrome | 4.0.237.0 | cpe:2.3:a:google:chrome:4.0.237.0:*:*:*:*:*:*:* | |
| chrome | 4.0.237.1 | cpe:2.3:a:google:chrome:4.0.237.1:*:*:*:*:*:*:* | |
| chrome | 4.0.239.0 | cpe:2.3:a:google:chrome:4.0.239.0:*:*:*:*:*:*:* | |
| chrome | 4.0.240.0 | cpe:2.3:a:google:chrome:4.0.240.0:*:*:*:*:*:*:* | |
| chrome | 4.0.241.0 | cpe:2.3:a:google:chrome:4.0.241.0:*:*:*:*:*:*:* | |
| chrome | 4.0.242.0 | cpe:2.3:a:google:chrome:4.0.242.0:*:*:*:*:*:*:* | |
| chrome | 4.0.243.0 | cpe:2.3:a:google:chrome:4.0.243.0:*:*:*:*:*:*:* | |
| chrome | 4.0.244.0 | cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:* | |
| chrome | 4.0.245.0 | cpe:2.3:a:google:chrome:4.0.245.0:*:*:*:*:*:*:* | |
| chrome | 4.0.245.1 | cpe:2.3:a:google:chrome:4.0.245.1:*:*:*:*:*:*:* | |
| chrome | 4.0.246.0 | cpe:2.3:a:google:chrome:4.0.246.0:*:*:*:*:*:*:* | |
| chrome | 4.0.247.0 | cpe:2.3:a:google:chrome:4.0.247.0:*:*:*:*:*:*:* | |
| chrome | 4.0.248.0 | cpe:2.3:a:google:chrome:4.0.248.0:*:*:*:*:*:*:* | |
| chrome | 4.0.249.0 | cpe:2.3:a:google:chrome:4.0.249.0:*:*:*:*:*:*:* | |
| chrome | 4.0.249.1 | cpe:2.3:a:google:chrome:4.0.249.1:*:*:*:*:*:*:* | |
| chrome | 4.0.249.2 | cpe:2.3:a:google:chrome:4.0.249.2:*:*:*:*:*:*:* | |
| chrome | 4.0.249.3 | cpe:2.3:a:google:chrome:4.0.249.3:*:*:*:*:*:*:* | |
| chrome | 4.0.249.4 | cpe:2.3:a:google:chrome:4.0.249.4:*:*:*:*:*:*:* | |
| chrome | 4.0.249.5 | cpe:2.3:a:google:chrome:4.0.249.5:*:*:*:*:*:*:* | |
| chrome | 4.0.249.6 | cpe:2.3:a:google:chrome:4.0.249.6:*:*:*:*:*:*:* | |
| chrome | 4.0.249.7 | cpe:2.3:a:google:chrome:4.0.249.7:*:*:*:*:*:*:* | |
| chrome | 4.0.249.8 | cpe:2.3:a:google:chrome:4.0.249.8:*:*:*:*:*:*:* | |
| chrome | 4.0.249.9 | cpe:2.3:a:google:chrome:4.0.249.9:*:*:*:*:*:*:* | |
| chrome | 4.0.249.10 | cpe:2.3:a:google:chrome:4.0.249.10:*:*:*:*:*:*:* | |
| chrome | 4.0.249.11 | cpe:2.3:a:google:chrome:4.0.249.11:*:*:*:*:*:*:* | |
| chrome | 4.0.249.12 | cpe:2.3:a:google:chrome:4.0.249.12:*:*:*:*:*:*:* | |
| chrome | 4.0.249.14 | cpe:2.3:a:google:chrome:4.0.249.14:*:*:*:*:*:*:* | |
| chrome | 4.0.249.16 | cpe:2.3:a:google:chrome:4.0.249.16:*:*:*:*:*:*:* | |
| chrome | 4.0.249.17 | cpe:2.3:a:google:chrome:4.0.249.17:*:*:*:*:*:*:* | |
| chrome | 4.0.249.18 | cpe:2.3:a:google:chrome:4.0.249.18:*:*:*:*:*:*:* | |
| chrome | 4.0.249.19 | cpe:2.3:a:google:chrome:4.0.249.19:*:*:*:*:*:*:* | |
| chrome | 4.0.249.20 | cpe:2.3:a:google:chrome:4.0.249.20:*:*:*:*:*:*:* | |
| chrome | 4.0.249.21 | cpe:2.3:a:google:chrome:4.0.249.21:*:*:*:*:*:*:* | |
| chrome | 4.0.249.22 | cpe:2.3:a:google:chrome:4.0.249.22:*:*:*:*:*:*:* | |
| chrome | 4.0.249.23 | cpe:2.3:a:google:chrome:4.0.249.23:*:*:*:*:*:*:* |