Lucene search

ChromeCVE-2012-2899

HistoryJan 05, 2014 - 8:55 p.m.

CVE-2012-2899

2014-01-0520:55:03

CWE-79

Chrome

web.nvd.nist.gov

google chrome

ios

same origin policy

uxss

cve-2012-2899

security vulnerability.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

50.7%

JSON

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

Affected configurations

Nvd

Node

googlechromeRange≤21.0.1180.81

googlechromeMatch21.0.1180.0

googlechromeMatch21.0.1180.1

googlechromeMatch21.0.1180.2

googlechromeMatch21.0.1180.31

googlechromeMatch21.0.1180.32

googlechromeMatch21.0.1180.33

googlechromeMatch21.0.1180.34

googlechromeMatch21.0.1180.35

googlechromeMatch21.0.1180.36

googlechromeMatch21.0.1180.37

googlechromeMatch21.0.1180.38

googlechromeMatch21.0.1180.39

googlechromeMatch21.0.1180.41

googlechromeMatch21.0.1180.46

googlechromeMatch21.0.1180.47

googlechromeMatch21.0.1180.48

googlechromeMatch21.0.1180.49

googlechromeMatch21.0.1180.50

googlechromeMatch21.0.1180.51

googlechromeMatch21.0.1180.52

googlechromeMatch21.0.1180.53

googlechromeMatch21.0.1180.54

googlechromeMatch21.0.1180.55

googlechromeMatch21.0.1180.56

googlechromeMatch21.0.1180.57

googlechromeMatch21.0.1180.59

googlechromeMatch21.0.1180.60

googlechromeMatch21.0.1180.61

googlechromeMatch21.0.1180.62

googlechromeMatch21.0.1180.63

googlechromeMatch21.0.1180.64

googlechromeMatch21.0.1180.68

googlechromeMatch21.0.1180.69

googlechromeMatch21.0.1180.70

googlechromeMatch21.0.1180.71

googlechromeMatch21.0.1180.72

googlechromeMatch21.0.1180.73

googlechromeMatch21.0.1180.74

googlechromeMatch21.0.1180.75

googlechromeMatch21.0.1180.76

googlechromeMatch21.0.1180.77

googlechromeMatch21.0.1180.78

googlechromeMatch21.0.1180.79

googlechromeMatch21.0.1180.80

AND

appleipad2Match-

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome21.0.1180.0cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*
googlechrome21.0.1180.1cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*
googlechrome21.0.1180.2cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*
googlechrome21.0.1180.31cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*
googlechrome21.0.1180.32cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*
googlechrome21.0.1180.33cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*
googlechrome21.0.1180.34cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*
googlechrome21.0.1180.35cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*
googlechrome21.0.1180.36cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	21.0.1180.0	cpe:2.3:a:google:chrome:21.0.1180.0:::::::*
google	chrome	21.0.1180.1	cpe:2.3:a:google:chrome:21.0.1180.1:::::::*
google	chrome	21.0.1180.2	cpe:2.3:a:google:chrome:21.0.1180.2:::::::*
google	chrome	21.0.1180.31	cpe:2.3:a:google:chrome:21.0.1180.31:::::::*
google	chrome	21.0.1180.32	cpe:2.3:a:google:chrome:21.0.1180.32:::::::*
google	chrome	21.0.1180.33	cpe:2.3:a:google:chrome:21.0.1180.33:::::::*
google	chrome	21.0.1180.34	cpe:2.3:a:google:chrome:21.0.1180.34:::::::*
google	chrome	21.0.1180.35	cpe:2.3:a:google:chrome:21.0.1180.35:::::::*
google	chrome	21.0.1180.36	cpe:2.3:a:google:chrome:21.0.1180.36:::::::*