CVE-2011-1435Incorrect Default Permissions in Google Chrome

CWE-276Incorrect Default Permissions2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 23.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMay 3
Latest updateMay 13

Description

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome< 11.0.696.57

Patches

Patch: code.google.comPatch: code.google.com

🔴Vulnerability Details

1
GHSA
GHSA-hmfw-8qff-cjm9: Google Chrome before 112022-05-13
CVE-2011-1435 — Incorrect Default Permissions in Google | cvebase