CVE-2011-2599 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 55.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Jenkins ANT Plugin Jenkins Core +1 more

Timeline

PublishedJun 30

Latest updateMay 17

Description

Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDgoogle/chrome11

▶jenkinsjenkins/ant_plugin

▶jenkinsjenkins/jenkins_lts

▶jenkinsjenkins/jenkins_core

🔴Vulnerability Details

GHSA

GHSA-gv9p-8h7m-348v: Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrar↗2022-05-17

▶