CVE-2011-1190 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome

Timeline

PublishedMar 11

Latest updateMay 13

Description

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDgoogle/chrome< 10.0.648.127

▶NVDapple/safari< 5.0.6

▶NVDapple/iphone_os< 5.0

Patches

Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-5pwj-4r4w-6355: The Web Workers implementation in Google Chrome before 10↗2022-05-13

▶

OSV

CVE-2011-1190: The Web Workers implementation in Google Chrome before 10↗2011-03-11

▶