CVE-2011-2845 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 32.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome

Timeline

PublishedOct 25

Latest updateMay 13

Description

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDgoogle/chrome< 15.0.874.102

▶NVDapple/safari< 6.0

▶NVDapple/iphone_os< 6.0

🔴Vulnerability Details

GHSA

GHSA-432j-m9p2-95fc: Google Chrome before 15↗2022-05-13

▶

OSV

CVE-2011-2845: Google Chrome before 15↗2011-10-25

▶