Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveChromeCVE-2011-3956
HistoryFeb 09, 2012 - 4:10 a.m.

CVE-2011-3956

2012-02-0904:10:28
CWE-346
Chrome
web.nvd.nist.gov
30
cve-2011-3956
google chrome
same origin policy
sandbox
remote code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

Low

EPSS

0.003

Percentile

71.7%

JSON

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.

Affected configurations

Nvd
Node
googlechromeRange<17.0.963.46
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
ubuntucve 1
debiancve 1
nvd 1
nessus 6
openvas 10
threatpost 1
freebsd 1
chrome 1
gentoo 1
cvelist
cvelist
CVE-2011-3956
2012-02-09 02:00:00
prion
prion
Design/Logic Flaw
2012-02-09 04:10:00
ubuntucve
ubuntucve
CVE-2011-3956
2012-02-09 00:00:00
debiancve
debiancve
CVE-2011-3956
2012-02-09 04:10:00
nvd
nvd
CVE-2011-3956
2012-02-09 04:10:28
nessus
nessus
Google Chrome < 17.0.963.46 Multiple Vulnerabilities
2012-02-08 00:00:00
Google Chrome < 17.0.963.46 Multiple Vulnerabilities
2012-02-08 00:00:00
Google Chrome < 17.0.963.46 Multiple Vulnerabilities
2012-02-09 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X)
2012-02-14 00:00:00
Google Chrome < 17.0.963.46 Multiple Vulnerabilities (Feb 2012) - Windows
2012-02-14 00:00:00
Google Chrome Multiple Vulnerabilities - February 12 (Windows)
2012-02-14 00:00:00
threatpost
threatpost
Google Fixes 20 Flaws in Chrome, Adds Scanning of Downloaded Files
2012-02-08 20:18:23
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-02-08 00:00:00
chrome
chrome
Stable Channel Update
2012-02-08 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2012-02-18 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

Low

EPSS

0.003

Percentile

71.7%

JSON
Related for CVE-2011-3956
cvelist1prion1ubuntucve1debiancve1nvd1nessus6openvas10threatpost1freebsd1chrome1gentoo1