CVE-2012-5117

critical

Description

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15912

https://code.google.com/p/chromium/issues/detail?id=145915

http://www.securityfocus.com/bid/56413

http://osvdb.org/87076

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html

Details

Source: Mitre, NVD

Published: 2012-11-07

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00228

Detections

Analytics