CVE-2011-2782Incorrect Default Permissions in Google Chrome

CWE-276Incorrect Default Permissions2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedAug 3
Latest updateMay 13

Description

The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome< 13.0.782.107

🔴Vulnerability Details

1
GHSA
GHSA-952v-34cq-p7jx: The drag-and-drop implementation in Google Chrome before 132022-05-13
CVE-2011-2782 — Incorrect Default Permissions in Google | cvebase