CVE-2011-1300 — Google Chrome vulnerability

CWE-1892 documents2 sources

Severity

10.0CRITICALNVD

EPSS

7.3%

top 8.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Mozilla Firefox

Timeline

PublishedApr 15

Latest updateMay 14

Description

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDgoogle/chrome< 10.0.648.205

▶NVDmozilla/firefox4.0

🔴Vulnerability Details

GHSA

GHSA-ghc9-5whm-hrvq: The Program::getActiveUniformMaxLength function in libGLESv2/Program↗2022-05-14

▶