CVE-2011-2878

high

Description

Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

References

http://code.google.com/p/chromium/issues/detail?id=95671

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14470

Details

Source: MITRE

Published: 2011-10-04

Updated: 2020-05-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH