CVE-2010-0644 in Chromeinfo

Summary

by MITRE

Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/30/2026

The vulnerability described in CVE-2010-0644 represents a significant privacy and security flaw in Google Chrome versions prior to 4.0.249.89 when utilizing SOCKS 5 proxy configurations. This issue stems from the browser's improper handling of DNS resolution processes when operating through proxy servers, creating an unintended information disclosure channel that undermines user anonymity and privacy protections.

The technical flaw occurs within Chrome's network stack implementation where DNS queries are sent directly to remote DNS servers rather than being properly routed through the configured SOCKS 5 proxy. This behavior violates the fundamental principle of proxy-based anonymity systems where all network traffic should be encapsulated and forwarded through the proxy server. The vulnerability specifically affects the DNS resolution process, which is critical for establishing network connections and can reveal sensitive information about the client's network environment and user identity.

When users configure Chrome to use a SOCKS 5 proxy for anonymity purposes, the browser's failure to route DNS queries through the proxy creates a communication channel that bypasses the intended privacy protections. Remote DNS servers can log and analyze these direct queries to infer information about the client's browsing patterns, accessed domains, and potentially even the user's identity through various fingerprinting techniques. This represents a critical failure in the proxy chain that undermines the entire purpose of using anonymous proxy configurations.

The operational impact of this vulnerability extends beyond simple privacy concerns to encompass potential security risks for users who rely on proxy servers for anonymity or access control. Attackers could exploit this weakness to perform passive reconnaissance, track user behavior across different networks, and potentially correlate DNS query patterns with other network traffic to reconstruct user activities. The vulnerability is particularly concerning in environments where users require anonymity or where proxy configurations are used to bypass geographic restrictions or content filtering systems.

This vulnerability aligns with CWE-200, which addresses "Information Exposure," and represents a failure in proper network traffic handling that exposes sensitive information. From an ATT&CK framework perspective, this issue corresponds to techniques involving information gathering and reconnaissance, specifically T1592 for "Gather Victim Identity Information" and T1071 for "Application Layer Protocol". The flaw demonstrates how improper implementation of network security controls can create unexpected information leakage channels that compromise user privacy.

The recommended mitigation involves updating to Chrome version 4.0.249.89 or later, which properly implements DNS query routing through SOCKS 5 proxies. Organizations should also implement network monitoring to detect and alert on unusual DNS query patterns that might indicate similar issues in other applications or browser versions. Additionally, users should be educated about the importance of keeping their browser software updated and the potential privacy implications of proxy configurations. Security teams should conduct regular assessments of their network traffic patterns to identify potential information disclosure vulnerabilities in their browser deployments and proxy configurations.

Reservation

02/18/2010

Disclosure

02/18/2010

Moderation

accepted

Entry

VDB-51871

CPE

ready

EPSS

0.00859

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!