CVE-2011-2878

HIGH

Description

Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

References

http://code.google.com/p/chromium/issues/detail?id=95671

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14470

Details

Source: MITRE

Published: 2011-10-04

Updated: 2020-05-08

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
56391 | Google Chrome < 14.0.835.202 Multiple Vulnerabilities | Nessus | Windows | high
800905 | Google Chrome < 14.0.835.202 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6032 | Google Chrome < 14.0.835.202 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
51069 | FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | critical